Quote for the day:
"Definiteness of purpose is the starting point of all achievement." -- W. Clement Stone
Balancing AI innovation and cost: The new FinOps mandate
Yet as AI moves from pilot to production, an uncomfortable truth is emerging: AI
is expensive. Not because of reckless spending, but because the economics of AI
are unlike anything technology leaders have managed before. Most CIOs and CTOs
underestimate the financial complexity of scaling AI. Models that double in size
can consume ten times the compute. Exponential should be your watchword.
Inference workloads run continuously, consuming GPU cycles long after training
ends, which creates a higher ongoing cost compared to traditional IT projects.
... The irony is that even as AI drives operational efficiency, its own
operating costs are becoming one of the biggest drags on IT budgets. IDC’s
research shows that, without tighter alignment between line of business,
finance, and platform engineering, enterprises risk turning AI from an
innovation catalyst into a financial liability. ... AI workloads cut across
infrastructure, application development, data governance, and business
operations. Many AI workloads will run in a hybrid environment, meaning cost
impacts for on-premises as well as cloud and SaaS are expected. Managing this
multicloud and hybrid landscape demands a unified operating model that connects
technical telemetry with financial insight. The new FinOps leader will need
fluency in both IT engineering and economics — a rare but rapidly growing skill
set that will define next-generation IT leadership.Local clouds shape Europe’s AI future
The new “sovereign” offerings from US-based cloud providers like Microsoft, AWS,
and Google represent a significant step forward. They are building cloud regions
within the EU, promising that customer data will remain local, be overseen by
European citizens, and comply with EU laws. They’ve hired local staff,
established European governance, and crafted agreements to meet strict EU
regulations. The goal is to reassure customers and satisfy regulators. For
European organizations facing tough questions, these steps often feel
inadequate. Regardless of how localized the infrastructure is, most global cloud
giants still have their headquarters in the United States, subject to US law and
potential political pressure. There is always a lingering, albeit theoretical,
risk that the US government might assert legal or administrative rights over
data stored in Europe. ... As more European organizations pursue digital
transformation and AI-driven growth, the evidence is mounting: The new sovereign
cloud solutions launched by the global tech giants aren’t winning over the
market’s most sensitive or risk-averse customers. Those who require freedom from
foreign jurisdiction and total assurance that their data is shielded from all
external interference are voting with their budgets for the homegrown players.
... In the months and years ahead, I predict that Europe’s own clouds—backed by
strong local partnerships and deep familiarity with regulatory nuance—will serve
as the true engine for the region’s AI ambitions.
When Innovation and Risks Collide: Hexnode and Asia’s Cybersecurity Paradox
“If you look at the way most cyberattacks happen today—take ransomware, for
example—they often begin with one compromised account. From there, attackers try
to move laterally across the network, hunting for high-value data or systems. By
segmenting the network and requiring re-authentication at each step, ZT
essentially blocks that free movement. It’s a “verify first, then grant access”
philosophy, and it dramatically reduces the attacker’s options,” Pavithran
explained. Unfortunately, way too many organisations still view Zero Trust as a
tool rather than a strategic framework. Others believe it requires ripping out
existing infrastructure. In reality, however, Zero Trust can be implemented
incrementally and is both adaptable and scalable. It integrates technologies
such as multifactor authentication, microsegmentation, and identity and access
management into a cohesive architecture. Crucially, Zero Trust is not a one-off
project. It is a continuous process of monitoring, verification, and
fine-tuning. As threats evolve, so too must policies and controls. “Zero Trust
isn’t a box you check and move on from,” Pavithran emphasised. “It’s a
continuous, evolving process. Threats evolve, technologies evolve, and so do
business needs. That means policies and controls need to be constantly reviewed
and fine-tuned. It’s about continuous monitoring and ongoing vigilance—making
sure that every access request, every single time, is both appropriate and
secure.”
CIOs take note: talent will walk without real training and leadership
“Attracting and retaining talent is a problem, so things are outsourced,” says
the CIO of a small healthcare company with an IT team of three. “You offload the
responsibility and free up internal resources at the risk of losing know-how in
the company. But at the moment, we have no other choice. We can’t offer the
salaries of a large private group, and IT talent changes jobs every two years,
so keeping people motivated is difficult. We hire a candidate, go through the
training, and see them grow only to see them leave. But our sector is highly
specialized and the necessary skills are rare.” ... CIOs also recognize the
importance of following people closely, empowering them, and giving them a
precise and relevant role that enhances motivation. It’s also essential to
collaborate with the HR function to develop tools for welfare and well-being.
According to the Gi Group study, the factors that IT candidates in Italy
consider a priority when choosing an employer are, in descending order, salary,
a hybrid job offer, work-life balance, the possibility of covering roles that
don’t involve high stress levels, and opportunities for career advancement and
professional growth. But there’s another aspect that helps solve the age-old
issue of talent management. CIOs need to recognize more of the role of their
leadership. At the moment, Italian IT directors place it at the bottom of their
key qualities.
Rethinking the CIO-CISO Dynamic in the Age of AI
Today's CIOs are perpetual jugglers, balancing budgets and helping spur
technology innovation at speed while making sure IT goals are aligned with
business priorities, especially when it comes to navigating mandates from boards
and senior leaders to streamline and drive efficiency through the latest AI
solutions. ... "The most common concern with having the CISO report into
legal is that legal is not technically inclined," she said. "This is actually a
positive as cybersecurity has become more of a business-enabling function over a
technological one. It also requires the CISO to translate tech-speak into
language that is understandable by non-tech leaders in the organization and
incorporate business and strategic drivers." As organizations undergo digital
transformation and incorporate AI into their tech stacks, more are creating
alternate C-suite roles such as "Chief Digital Officer" and "Chief AI
Officer." ... When it comes to AI systems, the CISO's organization may be
better positioned to lead enterprise-wide transformation, Sacolick said. AI
systems are nondeterministic - they can produce different outputs and follow
different computational paths even when given the exact same input - and this
type of technology may be better suited for CISOs. CIOs have operated in the
world of deterministic IT systems, where code, infrastructure systems, testing
frameworks and automation provide predictable and consistent outputs, while
CISOs are immersed in a world of ever-changing, unpredictable threats.
The AI reckoning: How boards can evolve
AI-savvy boards will be able to help their companies navigate these risks and opportunities. According to a 2025 MIT study, organizations with digitally and AI-savvy boards outperform their peers by 10.9 percentage points in return on equity, while those without are 3.8 percent below their industry average.5 What boards should do, however, is the bigger question—and the focus of this article. The intensity of the board’s role will depend on the extent to which AI is likely to affect the business and its competitive dynamics and the resulting risks and opportunities. Those competitive dynamics should shape the company’s AI posture and the board’s governance stance. ... What matters is that the board aligns on the business’s aspirational strategy using a clear view of the opportunities and risks so that it can tailor the governance approach. As the business gains greater experience with AI, the board can modify its posture. ... Directors should focus on determining whether management has the entrepreneurial experience, technological know-how, and transformational leadership experience to run an AI-driven business. The board’s role is particularly important in scrutinizing the sustainability of these ventures—including required skills, implications on the traditional business, and energy consumption—while having a clear view of the range of risks to address, such as data privacy, cybersecurity, the global regulatory environment, and intellectual property (IP).Do Tariffs Solicit Cyber Attention? Escalating Risk in a Fractured Supply Chain
Offensive cyber operations are a fourth possibility largely serving to achieve
the tactical and strategic objectives of decisionmakers, or in the case of
tariff imposition, retaliation. Depending on its goals, a government may use the
cyber domain to steal sensitive information such as amount and duration of a
potential tariff or try to ascertain the short- and long-term intent of the
tariff-imposing government. A second option may be a more aggressive response,
executing disruptive operations to signal its dissatisfaction over tariff rates.
... It’s tempting to think of tariffs as purely a policy lever, and a way to
increase revenue or ratchet up pressure on foreign governments. But in today’s
interconnected world, trade policy and cybersecurity policy are deeply
intertwined. When they aren’t aligned, companies risk becoming collateral damage
in the larger geopolitical space, where hostile actors jockey to not only steal
data for profit, but also look to steal secrets, compromise infrastructure, and
undermine trust. This offers adversaries new ways to facilitate cyber intrusion
to accomplish all of these objectives, requiring organizations to up their
efforts in countering these threats via a variety of established practices.
These include rigorous third-party vetting; continuous monitoring of third-party
access through updates, remote connections, and network interfaces; implementing
zero trust architecture; and designing incident response playbooks specifically
around supply-chain breaches, counterfeit-hardware incidents, and firmware-level
intrusions.
Resilience: How Leaders Build Organizations That Bend, Not Break
Resilient leaders don’t aim to restore what was; they reinvent what’s next.
Leadership today is less about stability and more about elasticity—the ability
to stretch, adapt, and rebound without breaking. ... Resilient cultures don’t
eliminate risk—they absorb it. Leaders who privilege learning over blame and
transparency over perfection create teams that can think clearly under pressure.
In my companies, we’ve operationalized this with short, ritualized
cadences—weekly priorities, daily huddles, and tight AARs that focus on
behavior, not ego. The goal is never to defend a plan; it’s to upgrade it. ...
“Resilience is mostly about adaptation rather than risk mitigation.” The
distinction matters. Risk mitigation reduces downside. Adaptation converts
disruption into forward motion. The organizations that redefine their categories
after shocks aren’t the ones that avoid volatility; they’re the ones that
metabolize it. ... In uncertainty, people don’t expect perfection—they expect
presence. Transparent leadership doesn’t eliminate volatility, but it changes
how teams experience it. Silence erodes trust faster than any market correction;
people fill gaps with assumptions that are worse than reality. ... Treat
resilience as design, not reaction. Build cultures that absorb shock, operating
systems that learn fast, and communication habits that anchor trust. In an era
where strategy half-life keeps shrinking, these are the leaders—and
organizations—that won’t just survive volatility.
AI-Powered Quality Engineering: How Generative Models Are Rewriting Test Strategies
Despite significant investments in automation, many organizations still struggle
with the same bottlenecks. Test suites often collapse due to minor UI changes.
Maintenance cycles grow longer each quarter. Even mature teams rarely achieve
effective coverage that truly exceeds 70-80%. Regression cycles stretch for days
or weeks, slowing down release velocity and diluting confidence across
engineering teams. It isn’t just productivity that suffers; it’s trust. These
problems reduce teams’ confidence in releasing immediately and diminish
automation ROI in addition to slowing down delivery. Traditional test automation
has reached its limits because it automates execution, not understanding. And
this is exactly where Generative AI changes the conversation. ... Synthetic data
that mirrors production variability can be produced without waiting for
dependent systems. Scripts no longer break every time a button shifts. As AI
self-heal selectors and locators without human assistance, tests start to
regenerate themselves. While predictive signals identify defects early through
examining past data and patterns, natural-language inputs streamline test
descriptions. ... GenAI isn’t magic, though. When generative models are fed
ambiguous input, they can produce brittle or incorrect test cases. Ingesting
production logs without adequate anonymization introduces privacy and compliance
risks. Risks to data privacy and compliance must be considered while using
production traces.
