Quote for the day:
"It takes a lot of courage to show your dreams to someone else." -- Erma Bombeck
Tech Burnout: CIOs Might Be Making It Worse
“CIOs often unintentionally worsen burnout by underestimating the human toll of
constant context switching, unclear priorities, and always-on availability. In
the rush to stay competitive with AI-driven initiatives, teams are pushed to
deliver faster without enough buffer for testing, reflection, or recovery,”
Marceles adds. In the end, it’s the panic surrounding AI adoption, and not the
technology itself, that’s accelerating burnout. The panic is running hot and
high, surpassing anything CIOs and IT members think of as normal. “The pressure
to adopt AI everywhere is real, and CIOs are feeling it from every angle --
executives, investors, competitors. But when that pressure gets passed down as
back-to-back initiatives with no breathing room, it fractures the team.
Engineers get pulled into AI pilots without proper training. IT staff are asked
to maintain legacy systems while onboarding new automation tools. And all of it
happens under the expectation that this is just “the new normal,” says Cahyo
Subroto, founder of MrScraper, a data scraping tool. ... “What gets lost is the
human capacity behind the tech. We don’t talk enough about how context-switching
and unclear priorities drain cognitive energy. When everything is labeled
critical, people lose the ability to focus. Productivity drops. Morale sinks.
And burnout sets in quietly, until key people start leaving,” Subroto says.
Asset sprawl, siloed data and CloudQuery’s search for unified cloud governance
“The biggest challenge with existing tools is that they’re siloed — one for
security, one for cost, one for asset inventory — making it hard to get a
unified view across domains,” CQ founder Yevgeny Pats told VentureBeat. “Even
simple questions like ‘What EBS volume is attached to an EC2 that is turned
off? are hard to answer without stitching together multiple tools.” ... Taking
a developer-first approach is critical, said Pats, because developers are
ultimately the ones building, operating and securing today’s cloud
infrastructure. Still, many cloud visibility tools were built for top-down
governance, not for the people actually in the trenches. “When you put
developers first, with accessible data, flexible APIs and native language like
SQL, you empower them to move faster, catch issues earlier and build more
securely,” he said. Customers are finding ways to use CloudQuery beyond asset
inventory. ... “Having a fully serverless solution was an important
requirement,” Hexagon cloud governance and FinOps expert Peter Figueiredo and
CloudQuery director of engineering Herman Schaaf wrote in a blog post. “This
decision brought lots of benefits since there is no need for time-consuming
updates and virtually zero maintenance.”Digital twins combine with AI to help manage complex systems
And it’s not just AI making digital twins better. The digital twins can also
make for better AI. “We’re using digital twins to actually generate
information for large language models,” says PwC’s Likens, adding that the
synthetic data is of better quality when it comes from a digital twin. “We see
opportunity to have the digital twins generate the missing pieces of data we
need, and it’s more in line with the environment because it’s based on actual
data.” A digital twin is a working model of a system, says Gareth Smith, GM of
software test automation at Keysight Technologies, an electronics company.
“It’ll respond in a way that mimics the expected response of the physical
system.” ... Another potential use case for digital twins that might become
more relevant this year is to help with understanding and scaling agentic AI
systems. Agentic AI allows companies to automate complex business processes,
such as solving customer problems, creating proposals, or designing, building,
and testing software. The agentic AI system can be composed of multiple data
sources, tools, and AI agents, all interacting in non-deterministic ways. That
can be extremely powerful, but extremely dangerous. So a digital twin can
monitor the behavior of an agentic system to ensure it doesn’t go off the
rails, and test and simulate how the system will react to novel situations.Will Quantum Computing Kill Bitcoin?
If a technological advance were to render these assets insecure, the
consequences could be severe. Cryptocurrencies function by ensuring that only
authorized parties can modify the blockchain ledger. In Bitcoin’s case, this
means that only someone with the correct private key can spend a given amount
of Bitcoin. ... Quantum computers, however, operate on different principles.
Thanks to phenomena like superposition and entanglement, they can perform many
calculations in parallel. In 1994, mathematician Peter Shor developed a
quantum algorithm capable of factoring large numbers exponentially faster than
classical methods. ... Could quantum computing kill Bitcoin? In theory, yes,
if Bitcoin failed to adapt and quantum computers suddenly became powerful
enough to break its encryption, its value would plummet. But this scenario
assumes crypto stands still while quantum computing advances, which is highly
unlikely. The cryptographic community is already preparing, and the financial
incentives to preserve the integrity of Bitcoin are enormous. Moreover, if
quantum computers become capable of breaking current encryption methods, the
consequences would extend far beyond Bitcoin. Secure communications, financial
transactions, digital identities, and national security all depend on
encryption. In such a world, the collapse of Bitcoin would be just one of many
crises.Smaller organizations nearing cybersecurity breaking point
Small and medium enteprises (SMEs) that do have budget to hire specialists often
struggle to attract and retain skilled professionals due to the lack of
variation in the role. Burnout is also a growing issue for the understaffed,
underqualified IT teams common in small business. “With limited resource in the
business, employees are often wearing multiple hats and the pressure to manage
cybersecurity on top of their regular duties can lead to fatigue, missed
threats, and higher turnover,” Exelby says. ... SMEs often mistakenly believe
that cyber attackers only target larger organizations, but that’s often not the
case — particularly because small business partners of larger companies are
often deliberately targeted as part of supply chain attacks. “Threats are
becoming more advanced but their resources aren’t keeping pace,” says Kristian
Torode, director and co-founder of Crystaline, a specialist in SME
cybersecurity. “Many SMEs are still relying on outdated systems or don’t have
dedicated security teams in place, making them an easy target.” Torode adds:
“They’re also seen by cybercriminals as an exploitable link in the supply chain,
since they often work with larger enterprises.” “SMEs have traditionally been
low-hanging fruit — with limited resources for cybersecurity training, advanced
tools, or dedicated security teams,” Adam Casey, director of cybersecurity and
CISO at cloud security firm Qodea, tells CSO.
Want fewer security fires to fight? Start with threat modeling
Some CISOs begin with one critical system or pilot project. From there, they
build templates, training materials, and internal champions who help scale the
practice across teams. Incorporating threat modeling into an organization’s
development lifecycle doesn’t have to be daunting. In fact, it shouldn’t be,
according to David Kellerman, Field CTO of Cymulate. “The key is to start small
and make threat modeling approachable,” Kellerman says. Rather than rolling out
a heavyweight process full of complex methodologies, CISOs should look for ways
to embed threat modeling into workflows that teams already use. “I advise CISOs
to embed threat modeling into existing workflows, such as architecture reviews,
design discussions, or sprint planning, rather than creating separate,
burdensome exercises.” This lightweight, integrated approach not only reduces
resistance but helps normalize secure thinking within engineering culture. “Use
simple frameworks like STRIDE or basic attacker storyboarding that non-security
engineers can easily grasp,” Kellerman explains. “Make it collaborative and
educational, not punitive.” As teams gain familiarity and confidence,
organizations can gradually evolve their threat modeling capabilities. “The goal
isn’t to build a perfect threat model on day one,” Kellerman says. “It’s to
establish a security mindset that grows naturally within engineering culture.”
Rethinking Success in Security: Why Climbing the Corporate Ladder Isn’t Always the Goal
In the security field, like in many other fields, there seems to be constant
pressure to advance. For whatever reason, the choice to climb the corporate
ladder seems to garner far more reverence and respect than the choice to develop
expertise and skills in one particular area of specialization. In other words,
the decision to go higher and broader seems to be lauded more than the decision
to go deeper and more focused. Yet, both are important in their own right. There
are certain times in a security professional’s career when they find themselves
at a crossroads – confronted by this issue. One career path is not more
“correct” than another one. Which direction is the right one is an individual
choice where many factors are relevant. ... It is the sad reality of the
security field that we don’t show our respect and appreciation for our
colleagues enough. That being said, the respect is there. See, one important
thing to keep in mind is that respect is earned – not ordained or otherwise
granted. If you are a great security professional, people take notice. You
shouldn’t feel compelled to attain a specific title, paygrade, or otherwise just
to get some respect. The dirty secret in the industry is that just because
someone is in a higher-level role, it doesn’t mean that people respect
them.
The AI data center boom: Strategies for sustainable growth and risk management
Data center developers are experiencing extended long lead times for critical equipment such as generators, switchgear, power distribution units (PDUs) and cooling systems. Global shortages in semiconductors and electrical components are still impacting timelines. Additionally, uncertainty regarding tariffs is further complicating procurement and planning processes, as potential changes in trade policies could affect the cost and availability of these essential components. ... Data center owners are increasingly trying to use low-carbon materials to decarbonize both the centers and construction operations. This approach includes concrete that permanently traps carbon dioxide and steel, which is powered using renewable energy. Microsoft is now building its first data centers made with structural mass timber to slash the use of steel and concrete, which are among the most significant sources of carbon emissions. ... Fires in data centers are typically caused by a breakdown of machinery, plant or equipment. A fire that spreads quickly can result in significant financial losses and business interruption. While the structures for data centers often have concrete frames that are not significantly impacted by fires, it’s the high-value equipment that drives losses – from cooling technology to high-end computer servers or graphic card components.Managing software projects is a double-edged sword
Doing two platform shifts in six months was beyond challenging—it was absurd. We
couldn’t have hacked together a half-baked version for even one platform in that
time. It was flat-out impossible. Let’s just say I was quite unhappy with this
request. It was completely unreasonable. My team of developers was being asked
to work evenings and weekends on a task that was guaranteed to fail. The subtle
implication that we were being rebellious and dishonest was difficult to
swallow. So I set about making my position clear. I tried to stay level-headed,
but I’m sure that my irritation showed through. I fought hard to protect my team
from a pointless death march—my time in the Navy had taught me that taking care
of the team was my top job. My protestations were met with little sympathy. My
boss, who like me came from the software development tool company, certainly
knew that the request was unreasonable, but he told me that while it was a
challenge, we just needed to “try.” This, of course, was the seed of my demise.
I knew it was an impossible task, and that “trying” would fail. How do you ask
your team to embark on a task that you know will fail miserably and that they
know will fail miserably? Well, I answered that question very poorly.
The CIO Has Evolved. It's Time the Board Catches Up
Across industries, CIOs have risen to meet the moment. They are at the helm of
transformation strategies with business peers and drive digital revenue models.
They even partner with CFOs to measure value, CMOs to reimagine customer
experience and COOs to build data-driven models. ... CIOs have evolved. But if
boards continue to treat them as back-room managers instead of strategic
partners, they are underutilizing one of the strategic roles in the enterprise.
... In today's times, every company is a technology company. AI, automation,
cloud and digital platforms aren't just enablers. They form the foundation for
competitive advantage and new revenue models. Similarly, cybersecurity is no
longer just an IT challenge, it's a board-level fiduciary responsibility.
Boards, however, dominantly engage with CIOs in a transactional manner. Issues
such as budget approvals, risk reviews and project updates are common
conversations. CIOs are rarely invited into conversations related to growth
strategy, market reinvention or long-term capital allocation. This disconnect is
proving to be a strategic liability. ... In industries where technology is the
differentiator, CIOs should not be in the boardroom, they should be shaping
their agenda. Because if CIOs are empowered to lead, organizations don't just
avoid risk, they build resilience, relevance and reinvention.
