Quote for the day:
"Choose your heroes very carefully and then emulate them. You will never be perfect, but you can always be better." -- Warren Buffet
A developer’s guide to avoiding the brambles
Protect against the impossible, because it just might happen. Code has a way of
surprising you, and it definitely changes. Right now you might think there is no
way that a given integer variable would be less than zero, but you have no idea
what some crazed future developer might do. Go ahead and guard against the
impossible, and you’ll never have to worry about it becoming possible. ... If
you’re ever tempted to reuse a variable within a routine for something
completely different, don’t do it. Just declare another variable. If you’re ever
tempted to have a function do two things depending on a “flag” that you passed
in as a parameter, write two different functions. If you have a switch statement
that is going to pick from five different queries for a class to execute, write
a class for each query and use a factory to produce the right class for the job.
... Ruthlessly root out the smallest of mistakes. I follow this rule religiously
when I code. I don’t allow typos in comments. I don’t allow myself even the
smallest of formatting inconsistencies. I remove any unused variables. I don’t
allow commented code to remain in the code base. If your language of choice is
case-insensitive, refuse to allow inconsistent casing in your code. ...
Implicitness increases cognitive load. When code does things implicitly, the
developer has to stop and guess what the compiler is going to do. Default
variables, hidden conversions, and hidden side effects all make code hard to
reason about. SaaS Rolls Forward, Not Backward: Strategies to Prevent Data Loss and Downtime
The SaaS provider owns infrastructure-level redundancy and backups to maintain
operational continuity during regional outages or major disruptions. InfoSec
and SaaS teams are no longer responsible for infrastructure resilience.
Instead, they are responsible for backing up and recovering data and files
stored in their SaaS instances. This is significant for two primary reasons.
First, the RTO and RPO for SaaS data become dependent on the vendor's
capabilities, which are not within the control of the customer. ... A common
misconception, even among mature InfoSec teams, is the assumption that SaaS
data protection is fully managed by the vendor. This “set it and forget it”
mindset, while understandable given the cloud promise, overlooks the need for
organizations to backup their SaaS data. Common causes of data loss and
corruption are human errors within the customer’s SaaS instance, including
accidental deletion, integration issues, and migration mishaps which fall
under the customer’s responsibility. ... InfoSec and SaaS teams must combine
their knowledge and experience to ensure that backups contain all necessary
data, as well as metadata, which provides the necessary context, and can be
restored reliably. SaaS administrators can prevent users from logging in,
disable automations, block upstream data from being sent, or restrict data
from being sent to downstream systems as needed.EU publishes Digital Omnibus leaving AI Act future uncertain
The European Commission unveiled amendments on Wednesday designed to simplify
its digital regulatory framework, including the AI Act and data privacy rules,
in a bid to boost innovation. The Digital Omnibus package introduces several
measures, including delaying the stricter regulation of ‘high-risk’ AI
applications until late 2027 and allowing companies to use sensitive data,
such as biometrics, for AI training under certain conditions. ... The Digital
Omnibus also attempts to adapt rules within privacy regulation, such as the
General Data Protection Regulation (GDPR), the e-Privacy Directive and the
Data Act. The Commission plans to clarify when data stops being “personal.”
This could open the doors for tech companies to include anonymous information
from EU citizens into large datasets for training AI, even when they contain
sensitive information such as biometric data, as long as they make reasonable
efforts to remove it. ... EU member states have also called for postponing the
rollout of the AI Act altogether, citing difficulties in defining related
technical standards and the need for Europe to stay competitive in the global
technological race. “Europe has not so far reaped the full benefits of the
digital revolution,” says European economy commissioner Valdis Dombrovskis.
“And we cannot afford to pay the price for failing to keep up with demands of
the changing world.”Building Distributed Event-Driven Architectures Across Multi-Cloud Boundaries
/filters:no_upscale()/articles/multi-cloud-event-driven-architectures/en/resources/36figure-6-1762944573069.jpg)
The elegant simplicity of "fire an event and forget" becomes a complex
orchestration of latency optimization, failure recovery, and data consistency
across provider boundaries. Yet, when done right, multi-cloud event-driven
architectures offer unprecedented resilience, performance, and business
agility. ... Multi-cloud latency isn't just about network speed, it's about
the compound effect of architectural decisions across cloud boundaries.
Consider a transaction that needs to traverse from on-premise to AWS for risk
assessment, then to Azure for analytics processing, and back to on-premise for
core banking updates. Each hop introduces latency, but the cumulative effect
can transform a sub-100 ms transaction into a multi-second operation. ... Here
is an uncomfortable truth: Most resilience strategies focus on the wrong
problem. As engineers, we typically put our efforts into handling failures
that occur during an outage or when a service component is down. Equally
important is how you recover from those failures after the outage is over.
This approach to recovery creates systems that "fail fast" but "recover
never". ... The combination of event stores, resilient policies, and
systematic event replay capabilities creates a distributed system that not
only survives failures, but also recovers automatically, which is a critical
requirement for multi-cloud architectures. ... While duplicate risk processing
merely wastes resources, duplicate financial transactions create regulatory
nightmares and audit failures.For AI to succeed in the SOC, CISOs need to remove legacy walls now
"The legacy SOC, as we know it, can't compete. It's turned into a modern-day
firefighter," warned CrowdStrike CEO George Kurtz during his keynote at Fal.Con
2025. "The world is entering an arms race for AI superiority as adversaries
weaponize AI to accelerate attacks. In the AI era, security comes down to three
things: the quality of your data, the speed of your response, and the precision
of your enforcement." Enterprise SOCs average 83 security tools across 29
different vendors, each generating isolated data streams that defy easy
integration to the latest generation of AI systems. System fragmentation and
lack of integration represent AI's greatest vulnerability, and organizations'
most fixable problem. The mathematics of tool sprawl proves devastating.
Organizations deploying AI across fragmented toolsets report significantly
elevated false-positive rates. ... Getting governance right is one of a CISO's
most formidable challenges and often includes removing longstanding roadblocks
to make sure their organization can connect and make contributions across the
business. ... A CISO's transformation from security gatekeeper to business
enabler and strategist is the single best step any security professional can
take in their career. CISOS often remark in interviews that the transition from
being an app and data disciplinarian to an enabler of new growth with the
ultimate goal of showing how their teams help drive revenue was the catalyst
their careers needed.
Selling to the CISO: An open letter to the cybersecurity industry
Vendors think they’re selling technology. They’re not. They’re trying to sell
confidence to people whose jobs depend on managing the impossible. As a CISO, I
buy because I’m trying to reduce the odds that something catastrophic happens on
my watch. Every decision is a gamble. There is no “safe” option in this field. I
buy to reduce personal and organizational risk, knowing there’s no such thing as
perfect protection. Cybersecurity is not a puzzle you solve. It’s a game you
play — and it never ends. You make the best moves you can, knowing you’ll never
win. Even if I somehow patched every system and closed every gap, the cost of
perfection would cripple the company. ... The truth is that most organizations
don’t need more tools. They need to get the fundamentals right. If you can patch
consistently, maintain good access controls, and segment your networks so you
aren’t running flat, you’re ahead of most of the market — no shiny tools
required. Strong patching alone will eliminate most of the attack surface that
vendors keep promising to “detect.” ... We can’t blame vendors alone. We created
the market they’re serving. We bought into the illusion that innovation equals
progress. We ignored the fundamentals because they’re hard and unglamorous. We
filled our environments with products we couldn’t fully use and called it
maturity. We built complexity and called it strategy. Then we act shocked when
the same root causes keep taking us down. Good security still starts with good
IT. Always has. Always will. If you don’t know what you own, you can’t protect
it.
When IT fails, OT pays the price
Criminal groups are now demonstrating a better understanding of industrial
dependencies. The Qilin group carried out 63 confirmed attacks against
industrial entities since mid 2024 and has focused on energy distribution and
water utilities. Their use of Windows and Linux payloads gives them wider reach
inside mixed environments. Several incidents involved encryption of shared
engineering resources and historian systems, which caused operational delays
even when controllers remained untouched. ... Across intrusions, attackers
favored techniques that exploit weak segmentation. PowerShell activity made up
the largest share of detections, followed by Cobalt Strike. The findings show
that adversaries rarely need ICS specific exploits at the start of an attack.
They rely on stolen accounts, remote access tools, and administrative shares to
move toward engineering assets. ... The vulnerability data reinforces the
emphasis on the boundary between enterprise systems and industrial systems.
Ongoing exploitation of Cisco ASA and FTD devices, including attacks that
modified device firmware. Several critical flaws in SAP NetWeaver and other
manufacturing operations software were also exploited, which created direct
pivot points into factory workflows. Recent disclosures affecting Rockwell
ControlLogix and GuardLogix platforms allow remote code execution or force the
controller into a failed state. Attacks on these devices pose immediate
availability and safety risks.
India has the building blocks to influence global standards in AI infrastructure
The convergence of cloud, edge, and connectivity represents the foundation of India’s next AI leap. In a country as geographically and economically diverse as India, AI workloads can’t depend solely on centralized cloud resources. Edge computing allows us to bring compute closer to the source of data be it in a factory, retail store, or farm which reduces latency, lowers costs, and enhances privacy. Cloud provides elasticity and scalability, while secure connectivity ensures that both environments communicate seamlessly. This triad enables an AI model to be trained in the cloud, refined at the edge, and deployed securely across networks unlocking innovation in every geography. We have been building this connected fabric to ensure that access to compute and intelligence isn’t limited by location or scale. ... We see this evolution already unfolding. AI-as-a-Service will thrive when infrastructure, connectivity, and platforms converge under a single, interoperable framework. Each stakeholder; telecoms, data centres, and hyperscalers brings a unique value: scale, proximity, and reach. ... India is already shaping global conversations around digital equity and secure connectivity, and the same potential exists in AI infrastructure. In next 5 years, India could stand out not for the size of its compute capacity but for how effectively it builds an inclusive digital foundation, one that blends cloud, edge, data governance, and innovation seamlessly.How to Overcome Latency in Your Cyber Career
The presence of latency is not an indictment of your ability. It's a signal that
something in your system needs attention. Identifying what creates latency in
your professional life and learning how to address it are essential components
of long-term growth. With a diagnostic mindset and a willingness to optimize,
you can restore throughput and move forward with purpose. ... Career latency
often appears when your knowledge no longer reflects current industry
expectations. Even highly capable professionals experience slowdown when their
technical foundation lags behind evolving practices. ... Unclear goals create
misalignment between where you invest your time and where you want to progress.
Without a defined direction, you may be working hard but not moving in a way
that supports advancement. ... Professionals often operate under heavy workloads
that dilute productivity. Too many competing responsibilities, constant context
switching or tasks disconnected from your goals can limit your effectiveness and
delay growth. ... Career progress can slow when your professional network lacks
the signal strength needed to route opportunities in your direction. Without
mentorship, community or visibility, growth becomes harder to sustain. ...
Missed opportunities often stem from limited readiness. Preparation, bandwidth
or timing may be misaligned, and promising chances can disappear before you can
act.
Why IT-SecOps Convergence is Non-Negotiable
The message is clear: siloed operations are no longer just inefficient—they’re a
security liability. ... The first, and often the most difficult step toward
achieving true IT-SecOps convergence, is cultural. For years, IT and security
teams have operated in silos, essentially functioning as two different
businesses. ... On paper, these Key Performance Indicators (KPIs) appear
aligned—both measure speed and efficiency. But in practice, they reflect
different views: one is laser-focused on minimizing risk, the other on
maximizing uptime. ... The real opportunity lies in establishing a shared
mandate. Both teams need to understand that their goals are two sides of the
same coin: you can’t have productive systems that aren’t secure, and security
that breaks the system isn’t sustainable; therefore, convergence begins not with
tools, but with alignment of intent. Once this clicks, both teams begin working
from a common set of goals, shared KPIs, and joint decision frameworks. ... The
strongest security posture doesn’t come from piling on more tools. It comes from
creating continuous alignment between management, security, and user experience.
When those three functions operate in sync, IT doesn’t deploy technology that
security can’t enforce, security doesn’t introduce controls that slow down work,
and users don’t feel the need to bypass policies with shadow apps or risky
shortcuts. ... When a unified structure is implemented, policies can be deployed
instantly, validated automatically, and adjusted based on real user impact—all
without waiting for separate teams to sync.
