Daily Tech Digest - June 04, 2021

We’ve all had to learn new ways of leading and managing. But it’s important to keep the company culture alive, and the best workplace cultures are built on a foundation of trust and autonomy. Leaders can inadvertently undermine that by monitoring employee activities too closely and checking in too often. Micromanaging can hurt morale and stifle engagement, creativity, and innovation. So, if you’ve strayed into micromanager mode, it’s time to rebalance your approach. Keep in mind that one byproduct of a remote work schedule is that people may be tackling their workload outside the usual 9-5 schedule. Maybe they’re working later in the evening or earlier in the morning, so they’ll have time to deal with the kids’ schooling. As long as quality work is getting done, does that matter? As a manager, you need to figure out what’s important and get clarity on how changes in work routines affect business goals. Align the company vision with specific business goals and make sure that the way employees complete tasks (and how you interact with your team) support those goals. That’s how you can empower your people and maintain control where it counts without overdoing it.


Ancestry’s DevOps Strategy to Control Its CI/CD Pipeline

We had this DevOps culture of, “You own the code, so you own everything about deploying the code.” It was very much kind of like a startup mentality in terms of how we dealt with teams and DevOps. We had a large, centralized team that handled operations before that. As part of our technological transformation, we went from this large centralized operations team, where you throw your code over the wall and let them deploy it, to “You own your deploys.” In that process, we ended up basically not giving teams a whole lot of direction. ... We’ll get you the rules that you’ll need but the process is up to you. Teams started to share best practices; some teams would adopt other team’s best practices but in that kind of ecosystem there’s a lot of divergent paths you can take in how you deploy your code. That’s exactly what happened to us. We had a very fragmented ecosystem of processes. We started to have a lot of issues with that, which in turn led us to start to create policies but the policies weren’t very enforceable because we didn’t have any insight into how they were being applied in each team’s ecosystem.


Cryptocurrency dealers face closure for failing UK money laundering test

The governor of the Bank of England, Andrew Bailey, has told investors they should be prepared to lose all their money if they dabble in cryptocurrencies. Crypto assets are not covered by UK schemes that help investors reclaim cash when companies go bust. The European Central Bank has compared bitcoin’s meteoric rise to other financial bubbles such as “tulip mania” and the South Sea Bubble, which burst in the 17th and 18th centuries. However, banks including Goldman Sachs and Standard Chartered have launched their own cryptocurrency trading desks to take advantage of their rapid growth. The price of bitcoin has tumbled 40% since hitting all-time highs of more than $64,000 (£45,000) in mid-April. It was trading at $38,706 on Thursday afternoon. Only five crypto asset firms have been admitted to the FCA’s formal register so far. Another 90 firms are being assessed through the temporary permit scheme, which has been extended by nine months to allow the FCA to fully review all of the applications. While a further 51 have withdrawn their applications, some may not be covered by the FCA’s rules to register, meaning not all of them will be forced to shut down.


Conversation about the .NET type system

One thing to remember about the line between CLR and C# concepts is that CLR concepts provide the possibility to make some logic work, and C# concepts provide an interface for actual developers to work with. The C# concepts are an opinionated view on the possible programs that can be written using CLR concepts, and over time, the developers of the C# language have found ways for programmers to more clearly and succinctly represent intent on a fairly regular cadence, while the fundamental capabilities provided by CLR concepts are typically much more slow to evolve. ... Having classes that behave like values has always been possible in C# and there are many types in the framework that already do this. Generally though these classes fall into the category of “data” style objects, Tuple<> for example. It’s not good or bad to do this, it’s instead an exercise in evaluating trade offs: heap vs. stack, cost of passing / returning, etc … In the case of records we wanted to explore classes first because that is what most of the customers who valued records were already using. In future versions of the language we will allow for them to be declared as structs as well though to help customers who need to make different trade off decisions.


A Beginner’s Guide To Intel oneAPI

oneAPI allows data parallelism by leveraging two types of programming: API-based programming and direct programming. Within API-based programming, the algorithm for this parallel application development is hidden behind a system-provided API. oneAPI defines a set of APIs for commonly used data-parallel domains and provides library implementations across various hardware platforms. This enables a developer to maintain performance through multiple accelerators with minimal coding and tuning. ... oneDPL has algorithms and functions to speed up DPC++ kernel programming. The oneDPL library follows the C++ standard library’s functions and includes extensions to support data parallelism and extensions to simplify data-parallel algorithms. ... oneMKL is used for fundamental mathematical routines in high-performance computing and applications. This functionality is divided into dense linear algebra, sparse linear algebra, discrete Fourier transforms, random number generators, and vector math. ... oneDAL helps speed up big data analyses by providing optimised building blocks for algorithms for different stages of data analytics—preprocessing, transformation, analysis, modelling, validation, and decision making.


The growing pains of quantum computing

Large corporations now have the resources and relationships to access machines directly, and those machines are available from IBM, from Honeywell, and from other companies as well. It’s also now possible to subscribe to these machines, because some of the big cloud providers (Amazon Web Services and Azure are two examples) have taken initial steps towards offering what we might describe as quantum processing units alongside regular high-performance computing. Those early access agreements are now available for subscription, sometimes on a daily or even an hourly basis. And then beneath all of that, there is a clutch of start-ups like IQM in Finland, Alpine Quantum Technologies in Austria and Oxford Quantum Computing in the UK that are all on a very steep trajectory. Their processors will be available in a variety of ways. All of this means that a large corporate entity has a variety of ways of accessing quantum processors, and what we do is to pull all of that together. We have two distinguishing features. 


Don’t Let Employees Pick Their WFH Days

One concern is managing a hybrid team, where some people are at home and others are at the office. I hear endless anxiety about this generating an office in-group and a home out-group. For example, employees at home can see glances or whispering in the office conference room but can’t tell exactly what is going on. Even when firms try to avoid this by requiring office employees to take video calls from their desks, home employees have told me that they can still feel excluded. They know after the meeting ends the folks in the office may chat in the corridor or go grab a coffee together. The second concern is the risk to diversity. It turns out that who wants to work from home after the pandemic is not random. In our research we find, for example, that among college graduates with young children women want to work from home full-time almost 50% more than men. This is worrying given the evidence that working from home while your colleagues are in the office can be highly damaging to your career. In a 2014 study I ran in China in a large multinational we randomized 250 volunteers into a group that worked remotely for four days a week and another group that remained in the office full time.


Quantum computing: How should cybersecurity teams prepare for it?

For those organizations not involved in the development of quantum computers, preparatory actions are clear. We must urgently overcome our inability to keep existing computers secure; the quantum computer of the future will be of little use if we fail to break our dependency on legacy technology and poor management practices today. And as quantum computing improves, we must remain in front of our adversaries by leveraging new technology before it is adopted by those who wish to do us harm. ... Quantum computing is far too immature for any immediate real-world application or for us to see the benefits that its theory promises. We can make some educated guesses, though. Peter McMahon, Applied and Engineering Physics at Cornell University, writes of quantum computing capabilities, “We’re trying to find something useful we can do with a near-term quantum computer that would answer a question in quantum gravity, or high-energy physics more generally, that couldn’t be answered otherwise, for instance, can we simulate a model of a black hole on a quantum computer? Would that be useful? We don’t know if we’ll find anything, but it’s very interesting to try.”


Exchange Servers Targeted by ‘Epsilon Red’ Malware

The initial point of entry for the attack was an unpatched enterprise Microsoft Exchange server, from which attackers used Windows Management Instrumentation (WMI) – a scripting tool for automating actions in the Windows ecosystem, primarily used on servers – to install other software onto machines inside the network that they could reach from the Exchange server. It’s not entirely clear if attackers leveraged the infamous Exchange ProxyLogon exploit that was a major pain point for Microsoft earlier in the year. However, the unpatched server used in the attack was indeed vulnerable to this exploit, Brandt observed. During the attack, threat actors launched a series of PowerShell scripts, numbered 1.ps1 through 12.ps1, as well as some that were named with a single letter from the alphabet, to prepare the attacked machines for the final ransomware payload. The scripts also delivered and initiated the Epsilon Red payload, he wrote. The PowerShell scripts use a “rudimentary form of obfuscation” that didn’t hinder Sophos researchers’ analysis but “might be just good enough to evade the detection of an anti-malware tool that’s scanning the files on the hard drive for a few minutes, which is all the attackers really need,” Brandt noted.


How Hasura 2.0 Works: A Design and Engineering Look

Hasura can implement API caching for dynamic data automatically because Hasura’s metadata configuration has got detailed information about both the data models as well as the authz rules that in turn have information about which user can access what data. And this is very useful because, otherwise, developers often need to manually build web APIs that provide data access manually. Moreover, devs need to have deep domain knowledge so that they can also then build caching strategies that recognize what queries to the cache for which users/user groups, using caching stores like Redis to provide API caching. But this is just a part of the problem. The harder bit is cache invalidation. Developers use TTL-based caching to avoid worrying about caching invalidation vs consistency and let the API consumers deal with the inconsistency. Hasura, can, in theory, provide automated cache invalidation as well because Hasura has deep integrations into the sources of data and all access to this data can go through Hasura, or use the data source’s CDC mechanism. This part of the caching problem is similar to the “materialized view update” issue.



Quote for the day:

"Speak softly and carry a big stick; you will go far. -- Theodore Roosevelt

Daily Tech Digest - June 03, 2021

Preparing for the Upcoming Quantum Computing Revolution

The primary challenge to successful quantum computing lies within the technology itself. In contrast to classical computers, a quantum computer employs quantum bits, or qubits that can be both 0 and 1 at the same time, Jagannathan says. Such two-way states give quantum computer its power, yet even the slightest interaction with their surroundings can create distortion. "Correcting these errors, known as quantum error correction (QEC), is the biggest challenge and progress has been slower than anticipated," he says. There's also an important and possibly highly destructive aspect to quantum technology. "In addition to [a] wide range of benefits . . . it is also expected that [cybercriminals] will someday be able to break public key algorithms that serve as a basis for many cryptographic operations, like encryption or digital signatures," says Colin Soutar, managing director and cyber and strategic risk leader with Deloitte & Touche. "It's important that organizations carefully understand what exposure they may have to this [threat] so that they can start to take mitigation steps and not let security concerns overshadow the positive potential of quantum computing," says Soutar


DataOps Goes Mainstream As Atlan Lands Big

Data drives businesses growth and provides valuable insights prior to any conclusive decision making. As the enterprises scale, many challenges surface. For instance, working professionals, including data scientists, analysts, engineers, join in with different skill-sets and tools. Different people, different tools, different working styles – all these lead to a major bottleneck. Business segments are in dire need of data management to create contextual insights, now is the time to improve the quality and speed of data streaming into the organisation and get leadership commitment to support and sustain a data-driven vision across the company. This is where DataOps (data operations) come in handy. For instance, users can integrate their tables from Databricks with Atlan in a series of steps. Initially there are some prerequisites for establishing a connection between Atlan and Databricks Account: Go to the Databricks console and select “Clusters” from the left sidebar; Select the cluster you want to connect with Atlan. The cluster should be in a Running state for the Atlan crawler to fetch metadata from it; Click on “Advanced Options” in the “Configuration” tab.


Ransomware-as-a-service: How DarkSide and other gangs get into systems to hijack data

They're offering a service and they sit somewhere on the darker side of the internet and they offer what's called ransomware-as-a-service. They recruit affiliates or essentially sub-contractors who come in, who use their platform and then attack companies. And in the case of DarkSide, if you actually logged into the infrastructure and take a look at it, which is something we in the research community actively do, they had a very polished operation. They provide technical support for their affiliates who are breaking into companies. They provide monetization controls so that an affiliate can go in and see how much has been paid and what's outstanding and manage the money and all that. They're basically like companies and that's the challenge with ransomware now is it's moved from this sort of opportunistic thing where there were a few criminals scattered around the world doing this, to being these as-a-service operations that basically mean any enterprising criminal can get access to ransomware for, I've seen it for less than $100, and then use that to infect stuff. And obviously at the lower end, you're talking about things that aren't very sophisticated. The problem is it doesn't need to be sophisticated.


3 Methods to Reduce Overfitting of Machine Learning Models

The most robust method to reduce overfitting is collect more data. The more data we have, the easier it is to explore and model the underlying structure. The methods we will discuss in this article are based on the assumption that it is not possible to collect more data. Since we cannot get any more data, we should make the most out of what we have. Cross validation is way of doing so. In a typical machine learning workflow, we split the data into training and test subsets. In some cases, we also put aside a separate set for validation. The model is trained on the training set. Then, its performance is measured on the test set. Thus, we evaluate the model on previously unseen data. In this scenario, we cannot use a portion of the dataset for training. We are kind of wasting it. Cross validation allows for using every observation in both training and test sets. Ensemble models consist of many small (i.e. weak) learners. The overall model tends to be more robust and accurate than the individual ones. The risk of overfitting also decreases when we use ensemble models. The most commonly used ensemble models are random forest and gradient boosted decision trees.


IT’s silent career killer: Age discrimination

There is a widespread misconception in most industries that older employees are not “digital savvy” and are afraid to learn new things when it comes to technology, Miklas adds. “This assumption often results in decisions that can result in being sued for age discrimination, especially when the older worker is passed over for promotion, not hired, or terminated,” he says. One issue that arises more in age discrimination claims than other types of discrimination is an employer’s use of selection criteria for hiring, promotion, or layoff decisions that are susceptible to assumptions about age, says Raymond Peeler, director of the Coordination Division, Office of Legal Counsel at the U.S. Equal Employment Opportunity Commission (EEOC). “For example, an employer making determinations about workers based on ‘energy,’ ‘flexibility,’ ‘criticality,’ or ‘long-term concerns’ are susceptible to employer assumptions based on the age of the worker,” Peeler says. The EEOC is responsible for enforcing federal laws that make it illegal to discriminate against job applicants or employees because of a person’s race, color, religion, sex, national origin, disability, genetic information, or age.


Helium Network combines 5G, blockchain and cryptocurrency

Self-appointed as ‘The People’s Network,’ the existing LoRa-based Helium Network is live with 28,000+ hotspots devices deployed in over 3,800 cities worldwide, and there are 200,000+ hotspot devices on backorder from various manufacturers. Helium aims to take that experience and apply it to a new tier of 5G connectivity that is enabled by the unique CBRS spectrum, 3550 MHz-3700 MHz, which the US Federal Communications Commission has made available on three tiers of access, two of which are open to non-government users. Though the Priority Access level is licensed, General Authorized Access permits open access for the widest group of potential users and use cases. Using gateways from Helium partner FreedomFi, hotspot hosts – including individual consumers – will have the option to earn Helium’s own HNT cryptocurrency, in part by offloading carrier cellular traffic to their 5G hotspots. The FreedomFi Gateways will be compatible with Helium’s existing open-source blockchain and IoT network and will by default act as a Helium hotspot, also mining rewards for proof of coverage and data transfers on the IoT network. ­­


Abu Dhabi could achieve technological sovereignty thanks to quantum computing, says expert

In a panel discussion on whether UAE fintech is going global, Ellen Moeller, head of EMEA partnerships at Stripe, a San Francisco-based company that offers software to manage online payments, said key areas of interest for fintechs included ensuring that transactions were a “very frictionless experience” for consumers. “They’re used to calling a taxi from the touch of a button,” she said. “Why shouldn’t it be so simple when we’re talking about financial services? There’s a lot of opportunity for innovation for fintech. “The final piece is regulators and central banks embracing this innovation. I think we’ve only scratched the surface of fintech innovation and there’s lots more to come.” She added that the UAE “has all the right ingredients” to be a world-class technology and fintech hub, including a deep pool of talent and good investment climate. “We’ve seen the UAE do a remarkable job at fostering fintech,” she added. The region is seeing rapid growth in the number of tech start-ups in a range of fields, according to Vijay Tirathrai, managing director of Techstars, a company in the US state of Colorado, that supports tech start-ups.


A Quantum Leap for Quantum Computing

Quantum computers are expected to greatly outperform the most powerful conventional computers on certain tasks, such as modeling complex chemical processes, finding large prime numbers, and designing new molecules that have applications in medicine. These computers store quantum information in the form of quantum bits, or qubits — quantum systems that can exist in two different states. For quantum computers to be truly powerful, however, they need to be “scalable,” meaning they must be able to scale up to include many more qubits, making it possible to solve some challenging problems. “The goal of this collaborative project is to establish a novel platform for quantum computing that is truly scalable up to many qubits,” said Boerge Hemmerling, an assistant professor of physics and astronomy at UC Riverside and the lead principal investigator of the three-year project. “Current quantum computing technology is far away from experimentally controlling the large number of qubits required for fault-tolerant computing. ...”


Everyone Wants to Build a Cyber Range: Should You?

The most compelling reason for building a cyber range is that it is one of the best ways to improve the coordination and experience level of your team. Experience and practice enhance teamwork and provide the necessary background for smart decision-making during a real cyberattack. Cyber ranges are one of the best ways to run real attack scenarios and immerse the team in a live response exercise. An additional reason to have access to a cyber range is that many compliance certifications and insurance policies cite mandatory cyber training of various degrees. These are driven by mandates and compliance standards established by the National Institute of Standards and Technology and the International Organization for Standardization (ISO). With these requirements in place, organizations are compelled to free up budgets for relevant cyber training. There are different ways to fulfill these training requirements. Per their role in the company, employees can be required to undergo certifications by organizations such as the SANS Institute. 


The biggest diversity, equity and inclusion trends in tech

It’s important to take a look at the hiring strategy, and make sure that it attracts a diverse talent pool. Nabila Salem, president at Revolent Group, commented: “For the tech industry, there is more than just a moral imperative to solve the issue of missing equity. The lack of diversity within the tech sector also compounds upon a very real business challenge for organisations: a lack of available talent. “The consequences of not plugging this skills gap are of great concern: GDP growth across the G20 nations could be stunted by as much as $1.5 trillion over the next decade, if companies refuse to adapt to the needs that tech presents to us. “One way to overcome this is to invest in new, diverse talent to help solve both the skills gap and the lack of representation in tech. New, innovative programs like the Salesforce training provided by Revolent specialise in fuelling the market with the diverse, highly skilled new talent it so desperately needs. “There is an opportunity here, to address the issue of a lack of representation and an overall skills gap, all at once. Companies must be open to the idea that the average applicant is not as homogenous as they think. ...”


Shifting to Continuous Documentation as a New Approach for Code Knowledge

Continuously verifying documentation means making sure that the current state of the documentation matches the current state of the codebase, as the code evolves. In order to keep the docs in sync with the codebase, existing documentation needs to be checked against the current state of the code continuously and automatically. If the documentation diverges from the current state of the code, the documentation should be modified to reflect the updated state (automatically or manually). Continuously verifying documentation means that developers can trust their documentation and know that what’s written there is still relevant and valid, or at least get a clear indication that a certain part of it is no longer valid. In this sense, Continuous Documentation is very much like continuous integration - it makes sure the documentation is always correct, similar to verifying that all the tests pass. This could be done on every commit, push, merge, or any other version control mechanism. Without it, keeping documentation up-to-date and accurate is extremely hard, and requires manual work that needs to be repeated regularly.



Quote for the day:

"Without courage, it doesn't matter how good the leader's intentions are." -- Orrin Woodward

Daily Tech Digest - June 02, 2021

A recurrent neural network that infers the global temporal structure based on local examples

"Every day, we manipulate information about the world to make predictions," Jason Kim, one of the researchers who carried out the study, told TechXplore. "How much longer can I cook this pasta before it becomes soggy? How much later can I leave for work before rush hour? Such information representation and computation broadly fall into the category of working memory. While we can program a computer to build models of pasta texture or commute times, our primary objective was to understand how a neural network learns to build models and make predictions only by observing examples." Kim, his mentor Danielle S. Bassett and the rest of their team showed that the two key mechanisms through which a neural network learns to make predictions are associations and context. For instance, if they wanted to teach their RNN to change the pitch of a song, they fed it the original song and two other versions of it, one with a slightly higher pitch and the other with a slightly lower pitch. For each shift in pitch, the researchers 'biased' the RNN with a context variable. Subsequently, they trained it to store the original and modified songs within its working memory.


Cybersecurity industry analysis: Another recurring vulnerability we must correct

Security tooling is a must-have, but we need to look wider and restore balance to the people component of security defense. Automation is the future. Why should we care about the human element of cybersecurity? Virtually everything in our lives is powered by software, and it’s true that automation is replacing the human elements that were once present in so many industries. It’s a sign of progress in a world digitizing at warp speed, with AI and machine learning hot topics keeping many organizations future-focused. So, why, then, would a human-focused approach to cybersecurity be anything other than an antiquated solution to a technologically advancing problem? The fact that billions of data records have been stolen in breaches in the past year, including the most recent Facebook breach affecting over half a billion accounts, should indicate that we’re not doing enough (or taking the right approach) to make a serious counter-punch against threat actors. Cybersecurity tooling is a much-needed component of cyber defense, and tools will always have a place. Analysts have been absolutely on point in recommending the latest tools in a risk mitigation approach for enterprises, and that will not change.


Researchers Confront Major Hurdle in Quantum Computing

A time crystal is a strange state of matter in which interactions between the particles that make up the crystal can stabilize oscillations of the system in time indefinitely. Imagine a clock that keeps ticking forever; the pendulum of the clock oscillates in time, much like the oscillating time crystal. By implementing a series of electric-field pulses on electrons, the researchers were able to create a state similar to a time crystal. They found that they could then exploit this state to improve the transfer of an electron’s spin state in a chain of semiconductor quantum dots. “Our work takes the first steps toward showing how strange and exotic states of matter, like time crystals, can potentially by used for quantum information processing applications, such as transferring information between qubits,” Nichol says. “We also theoretically show how this scenario can implement other single- and multi-qubit operations that could be used to improve the performance of quantum computers.” Both AQT and time crystals, while different, could be used simultaneously with quantum computing systems to improve performance.


How Ethical Hackers Play An Important Role In Protecting Enterprise Data

Data is an essential asset in the current dynamic setting. The value of data has made big organizations more vulnerable to cyberattacks. But believing that a big company can only suffer from a data breach incident is wrong. In reality, No one is immune to data theft, whether you’re an individual, an SME, a large enterprise, or even a state.  A surer way by which organizations can protect themselves from the possibility of an effective malicious attack is to engage with competent, ethical hackers. It would help if your organization structure had someone who understands how malicious hackers think. In such scenarios, it makes sense to take the help of ethical hackers. Ethical hacking in cybersecurity has its groundwork on data protection. Unlike cybercriminals, ethical hackers operate with the consent of the client. They use the same tools and techniques as malicious attackers. However, cybersecurity and ethical hacking experts intend to protect and secure your network as they can think like the bad guys. They can quickly discover your system vulnerabilities and suggest how you can resolve them before they are exploited.


Microsoft, GPT-3, and the future of OpenAI

There’s a clear line between academic research and commercial product development. In academic AI research, the goal is to push the boundaries of science. This is exactly what GPT-3 did. OpenAI’s researchers showed that with enough parameters and training data, a single deep learning model could perform several tasks without the need for retraining. And they have tested the model on several popular natural language processing benchmarks. But in commercial product development, you’re not running against benchmarks such as GLUE and SQuAD. You must solve a specific problem, solve it ten times better than the incumbents, and be able to run it at scale and in a cost-effective manner. Therefore, if you have a large and expensive deep learning model that can perform ten different tasks at 90 percent accuracy, it’s a great scientific achievement. But when there are already ten lighter neural networks that perform each of those tasks at 99 percent accuracy and a fraction of the price, then your jack-of-all-trades model will not be able to compete in a profit-driven market.


Has DevOps killed the BA/QA/DBA Roles?

As the industry continues towards DevOps and Cloud, these fields will thin out. Each of the roles will trend towards more of a specialization, especially the DBA, since the operational overhead of maintaining a DB is rapidly decreasing. They’ll last longer at big companies, but the tolerance for lower performers will drastically decline. However, simultaneously the demand for data expertise will keep accelerating as shown in the forecast below. Growth in warehousing and data science should ensure data specialization remains lucrative, and DBAs are well-poised to transition. Of the three, the BA role seems safest. The average software developer simply does not have the time (nor often capabilities) to maintain the social network of a strong BA. However, as more companies migrate to DevOps/Agile, the feedback barrier between users and developers will continue to shrink. As it does, BAs that are not technically competent will be pushed out. The QA role is the hardest to predict. As automation improves, demand for QA persons to run manual scripts and “catch bugs” will disappear. 


How to Get a Cybersecurity Job in 2021

There are a bunch of certifications, from CompTIA’s Security+ to others that will help signal your readiness for cybersecurity jobs. Some are more entry-level and require IT competencies such as the A+. But some will require you to have job experience in cybersecurity (such as the CISSP). There’s a bit of a chicken and egg situation and you might wonder – how can you get job experience if you need job experience to get the job in the first place? Adjacent job experience can often make a difference here. Many people transition into cybersecurity from IT roles, such as network administration, system administration, or being on helpdesk for IT, which is an entry-level role. You can gain experience here and transition over. There are also programs tailored for veterans and people with law enforcement backgrounds to get into cybersecurity. Lastly there are many cybersecurity internships being offered to bridge this gap – though with the right backing, training, and the right experience, you can skip ahead to junior-level analyst roles. SOC analyst roles are a good way to break into the cybersecurity industry. Security operations centers need analysts to parse through different threats.


Making A Case For Serverless Machine Learning

The first benefit of serverless machine learning is that it is very scalable. It can stack up to 10k requests at the same time without having to write any additional logic. It doesn’t consume extra time to scale which makes it perfect for handling random high loads. Secondly, with a pay-as-you-go architecture of serverless machine learning a person doesn’t have to pay unused server time. It can save an enormous amount of money. For example, if a user has 50k requests a month, he is obliged to pay only for 50k requests. Thirdly, infrastructure management becomes very easy as a user doesn’t have to hire a special person to look into it, it can be done very easily by a backend developer. For instance, AWS Lambda is one of the most popular serverless cloud services that has these advantages. It lets users run code without managing servers. It obviated the need for developers to explicitly configure, deploy, and manage long-term computing units. Training in Serverless Machine Learning does not require extensive programming knowledge. Basic knowledge of Python, Machine Learning, Linux, and Terminal along with an AWS account is enough to get one started.


How Blockchain Technology Can Benefit the Internet of Things

The distributed aspect of blockchain means that data are replicated across several computers. This fact makes the hacking more challenging since there are now several target devices. The redundancy in storage brought by blockchain technology brings extra security and enhances data access since users in IoT ecosystems can submit to and retrieve their data from different devices, Carvahlo said. Continuing with this example, say the burglar is captured and claims in court that the recorded video is forged evidence. The immutability nature of blockchain technology means that any change to the stored data can be easily detected. Thus, the burglar’s claim can be verified by looking at attempts to tamper with the data, he said. However, the decentralization aspect of blockchain technology can be a major issue when storing data from IoT devices, according to Carvahlo. “Decentralization means that the computers used to store data [in a distributed fashion] might belong to different entities,” he said. “In other words, if not implemented appropriately, there is a risk that users’ sensitive data can now be by default stored by and available to third parties.”


Software Engineering at Google: Practices, Tools, Values, and Culture

The skills required for developing good software are not the same skills that were required (at one point) to mass produce automobiles, etc. We need engineers to respond creatively, and to continually learn, not do one thing over and over. If they don’t have creative freedom, they will not be able to evolve with the industry as it, too, rapidly changes. To foster that creativity, we have to allow people to be human, and to foster a team climate of trust, humility, and respect. Trust to do the right thing. Humility to realize you can’t do it alone and can make mistakes. ... Building with a diverse team is, in our belief, critical to making sure that the needs of a more diverse user base are met. We see that historically: first-generation airbags were terribly dangerous for anyone that wasn’t built like the people on the engineering teams designing those safety systems. Crash test dummies were built for the average man, and the results were bad for women and children, for instance. In other words, we’re not just working to build for everyone, we’re working to build with everyone. It takes a lot of institutional support and local energy to really build multicultural capacity in an organization. We need allies, training, and support structures.



Quote for the day:

"Nothing so conclusively proves a man's ability to lead others as what he does from day to day to lead himself." -- Thomas J. Watson

Daily Tech Digest - June 01, 2021

Microsoft launches first Asia Pacific Public Sector Cyber Security Executive Council

With most technology infrastructure owned and operated by private companies; it is also mission critical that governments form coalitions with leading tech companies to lead effective cyber-defense strategies and safeguard our region against attackers. Dato’ Ts. Dr. Haji Amirudin Abdul Wahab FASc, CEO of CyberSecurity Malaysia shared, “Cybersecurity is an important national agenda that cannot rely solely on the back of IT team. It should be a priority and responsibility of all individuals, as we continue to see cyber-criminal activities rise exponentially with the proliferation of data and digital connectivity. This coalition certainly establish stronger partnerships with industry leaders and practitioners that allow us to fortify our security postures and combat cybercrime.” On the future of the cybersecurity eco-system and role the coalition will play, Ph.D. candidate ChangHee Yun, Principle Researcher of AI/Future Strategy Center, National Information Society Agency Korea added, “the collective intelligence amongst the Asia Pacific nations is paramount to jointly share best practices and strategies that will enable us to resolve cybersecurity challenges at a faster pace, and a more proactive manner. ...”


A look at API prioritisation strategy of ICICI Lombard

Like any other software development, API development and rollout have their own set of challenges. One of the most important challenges is to ensure security and encryption. A robust security framework and periodic security audits of applications are a must in ensuring that not only endpoints of applications are tracked but also there is a sufficient level of encryption and account-level security that is maintained. Detection of vulnerabilities and plugging them is an ongoing affair and needs to be monitored regularly. Data protection is a critical aspect of security that we pay close attention to. According to Nayak, one of the key aspects, where organisations make mistakes, involves the estimation of volumes for integration. Since a lot of the APIs are built keeping the number of users in mind, it becomes extremely important to also estimate user-based rate limits to ensure scalability. “User-based rate limits also help in tracking the number of calls per user and outliers are identified as a part of the security evaluation.


HITRUST explained: One framework to rule them all

To understand how this works, we need to first understand what we mean when we talk about a security framework. This isn't some whiz-bang software tool or hardware appliance; instead, it's a set of policies and procedures meant to improve your organization's cyber security strategies. There are innumerable frameworks available out there, some put out by for-profit companies, some by industry cybersecurity orgs, and some by government agencies. This last category will become important for our discussion: many government regulations that touch on cybersecurity have at their heart prescribed frameworks that companies need to implement in order to be in compliance. HITRUST's framework, known as the HITRUST CSF, works along these same lines. What makes HITRUST special is that it isn't attempting to impose its own unique security philosophy onto its users; rather, it consolidates multiple existing public domain security frameworks into a single document. For instance, plenty of these frameworks require all passwords within an organization to be eight characters or more; therefore, the HITRUST CSF includes an eight-character password requirement for those organizations to which that control applies.


Microsoft's Low-Code Strategy Paints a Target on UIPath and the Other RPA Companies

Microsoft has assembled all of the pieces required by an enterprise to deliver low code solutions. If they execute well on this strategy they are poised to become unassailable in the low-code world. When Microsoft talks about low code, they have a pretty expansive view. The language they use when describing low code encompasses everything from an accountant writing a formula in Excel, to a software engineer using a pre-built connector to pull data from an API, to a consulting firm building a bespoke end-to-end claims management solution for a customer. Microsoft realises that the real challenge with scaling low code is not writing low code applications - it’s deploying and monitoring low code applications. And it is firmly on a trajectory to solving this challenge. ... Microsoft has put together a pretty impressive strategy. I don’t know how much is by design and how much by tactical zigging and zagging but, judging by the dates that the company released each of the pieces in this strategy, it looks like sometime in 2019 someone at Microsoft had a lightbulb moment about how all this should fit together, and they’ve been executing against that strategy ever since.


Are MRI Scans Done By AI Systems Reliable?

Convolutional neural networks are trained to map the measurement directly to an artifact-free image or map from a coarse least-squares reconstruction from the under-sampled measurement to an artifact-free image. The best-performing methods in the fastMRI competition are all trained networks and yield significant improvements over classical methods. Traditional CS methods are trendy in MRI reconstruction, and are used in clinical practice. Untrained networks are also powerful for compressive sensing, and simple convolutional architectures such as the Deep Decoder work well in practice. For the experiments, the researchers picked ten randomly-chosen proton-density-weighted knee MRI scans from the fastMRI validation set. For each of those images, a small perturbation was added to the measurement. The results showed that both trained and untrained methods are sensitive to small adversarial perturbations. For the next experiment to check for dataset shift, the researchers tested on the Stanford dataset retrieved by collecting all available 18 knee volumes. “Our main finding is that all reconstruction methods perform worse on the new MRI samples, but by a similar amount.


A human-centric approach to protect against cybersecurity threats

Teaching and reinforcing positive cyber hygiene among employees is one way in which they can help in defending against cyberattacks. This is the consistent and safe training of employees when they perform a manoeuvre that could compromise important data or open themselves up to a threat. This could be attaching a document with sensitive information to an outside source using a document sharing service or clicking on e-mail without reviewing the source. With practice and consistent guidance, it is possible to train employees with new programmes that help to curb unwanted behaviours, with notifications being made to the employees when one of these incidents is about to occur. The employee can learn in real-time why they cannot or should not perform this action. It can also be a comfort to the employees who know they are protected within this system of alerts, with additional options to anonymise which employee is connected to each incident – in other words, ensuring full visibility while maintaining privacy. With time, these actions will become habits. Human error is always likely to occur, but with incident-based training, employees and companies can better protect themselves from outside risks.


Investing in the Cybersecurity Workforce of Tomorrow

One solution that will help close the skills gap is to seek out and hire underrepresented candidates. However, providing them with the needed educational resources and skill-building opportunities is yet another challenge. Cybersecurity education is not always accessible to these groups, which typically leads them to pursue other career paths. Investing in the preparation of essential talent pools, such as students, is one key component to closing the cybersecurity skills gap. With the crucial need for people with cyber skills, IT recruiters need to consider candidates who don’t fit the traditional mold of a cybersecurity professional. ... Organizations must provide appropriate resources, and candidates must be willing to take advantage of this opportunity. Along with universities that offer cybersecurity curricula, several community organizations recognize the value of diversity in the industry, providing access to content and programs designed to address the talent shortage. ICMCP and WiCyS are two examples of groups that partner with private organizations to create access to different types of training and mentorship programs for women and minorities looking to transition or grow within the field of cybersecurity.


CISO Confidence Is Rising, but Issues Remain

Many CISOs feel they lack boardroom support. Fewer than two-thirds of global CISOs surveyed for the report indicated that they agree with their board's approach to cybersecurity. Fifty-seven percent of them indicated that the expectations placed on their role are excessive. Fifty-nine percent of global CISOs say their reporting line hinders their job effectiveness. This view is most prevalent in the technology sector, where three-quarters of CISOs expressed this sentiment. In the public sector, the issue is less pressing; here, just 38% felt reporting was a burden. The apparent distance between them and their C-suite colleagues makes many CISOs feel they can't do their jobs to the best of their ability. Nearly half of them don't global believe their organization is setting them up to succeed. What's worse, 24% of CISOs strongly agree this is the case. The CISO's ability to trade off agility and security will be even more critical in the future. Now that more organizations know what remote working brings along in terms of cost-savings and flexibility, it's likely that many will adopt hybrid working models going forward. But CISOs will need to convince their boards that the passable approach they used over the past year won't be enough in the long term.


How data centres can help businesses be more sustainable

The first step for many providers is in a move away from fossil fuels. Data centres are particularly well placed to benefit from renewable energy sources due to their stable power consumption. Indeed, some providers are already achieving 100% zero-carbon energy in their buildings, resulting in lower emissions of carbon and other types of pollution, as well as cost efficiencies. Google is another trailblazer in this area – its large-scale procurement of wind and solar power has made Google the world’s largest corporate buyer of renewable energy. Renewable energy is, and will continue to be, an important part of the strategy to reduce carbon emissions, but different global locations will benefit from different approaches, and it’s important to move beyond a straight ‘we must embrace renewables’ message, to one that recognises the nuances of location. For example, in the Middle East and parts of the US, solar energy is much more prevalent than in the Nordics. Other locations have different options: a good example is at a campus on the southwestern tip of Iceland, which runs almost entirely on geothermal and hydroelectric power.


Security leaders more concerned about legal settlements than regulatory fines

Egress CEO Tony Pepper comments: “The financial cost of data breach has always driven discussion around GDPR – and initially, it was thought hefty regulatory fines would do the most damage. But the widely unforeseen consequences of class action lawsuits and independent litigation are now dominating conversation. Organizations can challenge the ICO’s intention to fine to reduce the price tag, and over the last year, the ICO has shown leniency towards pandemic-hit businesses, such as British Airways, letting them off with greatly reduced fines that have been seen by many as merely a slap on the wrist. “With data subjects highly aware of their rights and lawsuits potentially becoming ‘opt-out’ for those affected in future, security leaders are right to be nervous about the financial impacts of litigation.” Lisa Forte, Partner at Red Goat Cyber Security, comments: “The greatest financial risk post breach no longer sits with the regulatory fines that could be issued. Lawsuits are now common place and could equal the writing of a blank cheque if your data is compromised.



Quote for the day:

"It is easy to lead from the front when there are no obstacles before you, the true colors of a leader are exposed when placed under fire." -- Mark W. Boye

Daily Tech Digest - May 31, 2021

How The World Is Updating Legislation in the Face Of Persistent AI Advances

Recently, 13 states across the US placed a ban on the use of facial recognition technology by the police. Interestingly, 12 of these 13 cities were democrat-elect, implying the cultural difference within a country itself. The European Union is the gold standard when we talk about data privacy and laws governing the various aspects of technology. To protect individuals’ rights and freedom the article 22 of the GDPR, “Automated individual decision making, including profiling,” has ensured the availability of manual intervention in automated decision making in cases where individual’s rights and freedoms are affected. The first paragraph, “The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her,” and the third paragraph, “the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision,” provides the right for manual intervention to individuals.


Why ML Capabilities Of GCP Is Way Ahead Of AWS & Azure

TPUs are Google’s custom-developed application-specific integrated circuits (ASICs) to accelerate ML workloads. A big advantage for GCP is Google’s strong commitment to AI and ML. “The models that used to take weeks to train on GPU or any other hardware can put out in hours with TPU. AWS and Azure do have AI services, but to date, AWS and Azure have nothing to match the performance of the Google TPU,” said Jeevan Pandey, CTO, TelioLabs. ... Google cloud’s open-source contributions, especially in tools like Kubernetes –a portable, extensible, open-source platform for managing containerized workloads and services, facilitating declarative configuration and automation– have worked to their advantage. ... Google cloud’s speech and translate APIs are much more widely used than their counterparts. According to Gartner’s 2021 Magic Quadrant, Google cloud has been named the leader for Cloud AI services. Pre-trained ML models can be instantly used to classify objects in an image into millions of predefined categories. Additionally, one of the top ML services from Google cloud is Vision AI, powered by AutoML.


How Robotic Processing Automation can improve healthcare at scale

RPA isn’t just a boon for patient-facing organizations—healthcare vendors are getting in on the action, too. For example, the company I work for faced the daunting challenge of transferring over 1 million pieces of patient data from one EMR to another. As any medical professional can attest, switching EMRs is a notoriously time-consuming process. So, we invested in RPA to bring efficiency to an otherwise manual and laborious task. In the end, we saved valuable time—and a significant chunk of change. ... One of the biggest contributors to burnout is the ever-increasing administrative work stemming from non-clinical tasks like documentation, insurance authorizations, and scheduling—all things that can be done faster and more accurately with RPA. And when providers are freed from the monotony, they have more time to focus on the parts of the job that they really enjoy. This, in turn, boosts morale and productivity, thus enhancing care delivery and optimizing patient outcomes overall. For those working in health care, the demand for digital solutions like RPA feels like the dawning of the new era—albeit one that is met with mixed emotions.


The many lies about reducing complexity part 2: Cloud

Managers in IT are sensitive to it, as complexity generally is their biggest headache. Hence, in IT, people are in a perennial fight to make the complexity bearable. One method that has been popular for decades has been standardisation and rationalisation of the digital tools we use, a basic “let’s minimise the number of applications we use”. This was actually part 1 of this story: A tale of application rationalisation (not). That story from 2015 explains how many rationalisation efforts were partly lies. (And while we’re at it: enjoy this Dilbert cartoon that is referenced therein.) Most of the time multiple applications were replaced by a single platform (in short: a platform is software that can run other software) and the applications had to be ‘rewritten’ to work ‘inside’ that platform. So you ended up with one extra platform, the same number of applications and generally a few new extra ways of ‘programming’, specific for that platform. That doesn’t mean it is all lies. The new platform is generally dedicated to a certain type of application, which makes programming these applications simpler. But the situation is not as simple as the platform vendors argue. 


Implementing Nanoservices in ASP.NET Core

There is no precise definition of how big or small a microservice should be. Although microservice architecture can address a monolith's shortcomings, each microservice might grow large over a while. Microservice architecture is not suitable for applications of all types. Without proper planning, microservices can grow as large and cumbersome as the monolith they are meant to replace. A nanoservice is a small, self-contained, deployable, testable, and reusable component that breaks down a microservice into smaller pieces. A nanoservice, on the other hand, does not necessarily reflect an entire business function. Since they are smaller than microservices, different teams can work on multiple services at a given point in time. A nanoservice should perform one task only and expose it through an API endpoint. If you need your nanoservices to do more work for you, link them with other nanoservices. Nanoservices are not a replacement for microservices - they complement the shortcomings of microservices.


Five Data Governance Trends for Digital-Driven Business Outcomes in 2021

Knowledge of data-in-context, data processes, best techniques to provision, as well as tools enabling these methods of self-service are crucial to democratize data. However, with technology advancements, including virtualization, self-service discovery catalogs, and data delivery mechanisms, the internal data consumers can shop and provision for data in shorter cycles. In 2020, it took organizations anywhere between a week to three weeks to provision complex data that includes integration from multiple sources. Also, an increase in data awareness will help data consumers explore further available dark data that can provide predictive insights to create new user-stories that can propel customer journeys. ... A lack of focus is common across organizations as they assume Data Governance as an extension of either compliance or a risk function. Data Literacy will, in fact, change the attitude of business owners towards having to actively manage and govern data. There are immediate and cumulative benefits from actively governing data either by defining data or fixing bad quality data. But there is a need for a value-realization framework to actively manage the benefits of Data Management services.


Best practices for securing the CPaaS technology stack

Certifications are certainly important to consider when evaluating options, but even so, certifications don’t mean security. It is a best practice to check on the maturity of these vendor-specific certifications, as some companies go through a process of self-certification that doesn’t necessarily ensure the level of security your organization needs. Sending a thoughtful questionnaire to multiple vendors can be helpful for scoring these vendor’s security, offering a holistic and specific viewpoint to be considered by an organization’s IT team. On the customer end, in-house security and engineering staff can prep for CPaaS implementation by becoming familiar with the use of APIs and the authentication methods, communications protocols and the data that flows to and from them. Hackers routinely perform reconnaissance to find unprotected APIs and exploit them. Once CPaaS is incorporated into the hybrid work model technology stack, it is a best practice for an organization to focus its sights on its endpoint management. The use of a centralized endpoint management system that pushes patches for BIOS, operating systems, and applications is necessary for protecting the cloud network and customer data once a laptop connects.


3 SASE Misconceptions to Consider

Solution architecture is important, and yes, you want to minimize the number of daisy chains to reduce complexity. However, it doesn't mean you cannot have any daisy chains in your solution. In fact, dictating zero daisy chains can have consequences — not for performance, but for security. SASE consolidates a wide array of security technologies into one service, yet each of those technologies is a standalone segment today — with its own industry leaders and laggards. Any buyer who dictates "no daisy chains" is trusting that one single SASE provider can (all by itself) build the best technologies across a constellation of capabilities that is only growing larger. Being beholden to one company is not pragmatic given that the occasional daisy chain greatly increases the ability to unite best-of-breed technologies under one service provider's umbrella. ... SASE revolves around the cloud and is undoubtedly about speed and agility achieved through cloud-deployed security. But SASE doesn't mean the cloud is the only way to go and you should ignore everything else. Instead, IT leaders must take a more practical position, using the best technology given the situation and problem.


Advice for Someone Moving From SRE to Backend Engineering

The work you’re doing as an SRE will partly depend on your company culture. Without a doubt, some organizations will relegate their SREs to driving existing processes like watching the on-call make sure there are no tickets, running deployments, etc. This can make folks feel like they aren’t progressing. However, today there are a lot more things you can do as an SRE than you once could. You used to just have Bash. Now you have many automation opportunities that will hone your programming skills. You can configure Kubernetes and Terraform. There's a bunch of code-oriented tools that you can use. You can orchestrate your stuff in Python. You could also use something Shoreline if you want it, which is “programming for operations,” and allows you to think of the world in terms of control loops, and how you can automate there. DevOps has also increased the Venn diagram overlap between SRE and Backend engineering. Previously, it was engineers using version control and engineers using package managers, which was separate from SREs using deployment systems and SREs using Linux administration tools.


Inspect & Adapt – Digging into Our Foundations of Agility

When we need to change we usually feel a resistance against it. Take the current pandemic for instance. The simple action of wearing a facemask in public has caused indisputable resistance in many of us. Cognitively we understand that there is a benefit to doing so, even if there were long discussions on exactly how beneficial it would be. But emotionally it did not come natural and easy to most. Do you remember how it felt the first time you wore a facemask when entering the supermarket? It was not very pleasant, was it? But even when we are the driver for change we might find resistance against it. New year’s resolutions come to mind again. The majority of new year's resolutions are abandoned come February, even though the desired results have not been achieved. In other words, the resistance to change might sometimes show up late to the party. What might be missing here is endurance and resilience to small throw backs. I believe that we need a thorough understanding in which situation we currently are. This sounds simple and easy. And on a mid-level it is. "We need to come out of the pandemic with a net positive", a director of a company might say.



Quote for the day:

"It's very important in a leadership role not to place your ego at the foreground and not to judge everything in relationship to how your ego is fed." -- Ruth J. Simmons

Daily Tech Digest - May 30, 2021

Wanted: Millions of cybersecurity pros. Rate: Whatever you want

In the United States, there are around 879,000 cybersecurity professionals in the workforce and an unfilled need for another 359,000 workers, according to a 2020 survey by (ISC)2, an international nonprofit that offers cybersecurity training and certification programs. Globally, the gap is even larger at nearly 3.12 million unfilled positions, the group says. Its CEO, Clar Rosso, said she thinks the need may actually be higher, given that some companies put off hiring during the pandemic. The needs range from entry-level security analysts, who monitor network traffic to identify potential bad actors in a system, to executive-level leaders who can articulate to CEOs and board directors the potential financial and reputational risks from cyber attacks. The US Bureau of Labor Statistics projects "information security analyst" will be the 10th fastest growing occupation over the next decade, with an employment growth rate of 31% compared to the 4% average growth rate for all occupations. If demand for cybersecurity professionals in the private sector increases dramatically, some experts say talented workers could leave the government for more lucrative corporate jobs


100 Days To Stronger Cybersecurity For The US Electric Grid

Regardless of company size or ownership status, all organizations that support the BES are required to comply with a set of cybersecurity standards known as the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC-CIP) standards. NERC-CIP defines the reliability requirements for planning, operating and protecting the North American bulk power supply system. It covers everything from identifying and categorizing assets, to implementing physical and digital security controls, to dealing with incidents and recovering from a cyber breach. As any security officer knows, “compliance” does not guarantee “security.” Even if all companies that are part of the BES are fully compliant with NERC-CIP — and that’s a big “if” — it’s still a good idea to have a group of experts examine the security controls and bring them up to date to be able to counter current threats from a variety of adversaries. The DOE’s 100-day plan states that “the initiative modernizes cybersecurity defenses and encourages owners and operators to implement measures or technology that enhance their detection, mitigation, and forensic capabilities” 


Facebook Launches AI That Understands Language Without Labels

In a recent blog post, Facebook revealed its new AI-based speech recognition technology, wav2vec-Unsupervised (or wav2vec-U), which aims to solve the problems posed by transcribing such languages. This is a method by which individuals could build speech recognition systems that do not require transcribed data. The ML algorithm still requires some form of training. Wav2vec-U is trained purely through recorded speech audio and unpaired text. This method entails first learning the structure of the target language’s speech from unlabelled audio. Using wav2vec 2.0, Facebook’s self-supervised speech recognition model, and a k-means clustering algorithm, wav2vec-U segments the voice recording into speech units loosely based on individual sounds. For instance, the word cat would correspond to the sounds: “/K/”, “/AE/”, and “/T/”. This allows it to comprehend the structure of this speech. To recognise the words in an audio recording, Facebook will use a generative adversarial network (GAN) consisting of a generator and a discriminator network. The generator will take each audio segment embedded in self-supervised representations and predict a phoneme


Why cloud governance needs to be an open source affair

Keep in mind that Cloud Custodian emerged from work Thangavelu was doing at Capital One, which is a big company with over 50,000 employees and tens of billions in revenue. It was a laboratory primed to help Thangavelu "service the different needs from different groups within the enterprise: audit, risk, security, application teams, lines of business," he said. That helped make Cloud Custodian incredibly useful within his enterprise. But just one enterprise. Open source increased the scope and utility of Cloud Custodian beyond one company's needs. "As we've gotten to open source, that pool of use cases simply expanded," he noted. No matter how creative your product managers, they're always necessarily constrained by the needs of the business they're running. By contrast, Thangavelu continued, "Open source is the strongest way to achieve [expanded scope] because your usage and your users address a wider swath of needs than any given company has. They represent the needs of a large diverse set of interests. And they're all pulling in different directions." This push-and-pull from a growing Cloud Custodian community has made it a useful tool for organizations that may have thousands or even tens of thousands of diverse policies to manage.


The Emerging Role of Artificial Intelligence in Human Lung Imaging

Recently risen to prominence, robust AI methods outline the onset of the new era in lung image analysis. Adept at seeing and making sense of vital image-led patterns, AI tools help make the respiratory field more effective — improving diagnosis and therapeutic planning, letting pulmonologists spend extra time with patients. Hence, various attempts have been made to develop automated segmentation techniques lately. Yet, the strain on the healthcare and particularly radiology system, following the pandemic, will remain until these AI-based approaches are adopted. A major hurdle of lobe segmentation arises because different respiratory diseases affect the lung architecture in different ways. For example, COVID-19 pneumonitis would manifest on imaging very differently from pulmonary emphysema. For respiratory physicians, accurate lobar segmentations are vital in order to make treatment plans appropriately. Inaccurate lobe segmentation can give misleading information about the disease process, which can lead to erroneous treatment decisions. 


Network Monitoring: The Forgotten Cybersecurity Tool

Networks can be very complex, and many are segmented into VLANs to segregate traffic. What’s more, there are many devices on the network that can shape or route traffic depending on how the network infrastructure has been configured. “Today, networks are highly segmented, yet still interconnected; there are numerous devices, such as content filtering appliances, load balancers and so on, that all work together to shape and control network traffic,” Gridelli said. “Here, active network monitoring can verify whether or not security policies are properly in effect, and detect unauthorized changes to the network infrastructure.” Active network monitoring tools often deploy sensors, which can look into a network and report on what is happening on that network. Administrators can define policies that verify network segmentation, segregation and even the functionality of content filtering devices. By running end-to-end active network monitoring tests, it’s possible to also verify whether certain security policies, such as compliance requirements, are working as intended. Sensors can be installed on protected networks, such as those used for compliance (PCI, HIPAA, etc.)


Graphs as a foundational technology stack: Analytics, AI, and hardware

Interest is expanding as graph data takes on a role in master data management, tracking laundered money, connecting Facebook friends, and powering the search page ranker in a dominant search engine. Panama Papers researchers, NASA engineers, and Fortune 500 leaders: They all use graphs. According to Eifrem, Gartner analysts are seeing explosive growth in demand for graph. Back in 2018, about 5% of Gartner’s inquiries on AI and machine learning were about graphs. In 2019, that jumped to 20%. From 2020 until today, 50% of inquiries are about graphs. AI and machine learning are in extremely high demand, and graph is among the hottest topics in this domain. But the concept dates back to the 18th century, when Leonhard Euler laid the foundation of graph theory. Euler was a Swiss scientist and engineer whose solution to the Seven Bridges of Königsberg problem essentially invented graph theory. What Euler did was to model the bridges and the paths connecting them as nodes and edges in a graph. That formed the basis for many graph algorithms that can tackle real-world problems. Google’s PageRank is probably the best-known graph algorithm, helping score web page authority.


Adam Grant on leadership, emotional intelligence, and the value of thinking like a scientist

One of the things that scares me in a lot of organizations is how attached people become to best practices. They might’ve been the best at the time that you created them. But as the world around you changes, as your culture evolves, what was best five years, 10 years ago may not be what’s most productive today. I think the language of best practices creates this illusion that there’s an end point, that we’ve already reached perfection. And so we don’t need to change anything. What I would love to see more organizations do instead is to strive for better practices, right? To say, “Okay, you know what? No matter how good a practice becomes it can always be improved. And we’re open to trying whatever ideas you have for trying to evolve the way that we do things around here.” ... When you see what other people are feeling, that’s information about what their motivations are, what’s occupying a lot of their energy and attention. Without that information, you’re actually handicapped as a leader.


Not as complex as we thought: Cyberattacks on operational technology are on the rise

The "low-hanging fruit" many attackers are going for are graphical user interfaces (GUI) -- including human machine interfaces (HMI) -- which are, by design, intended to be simple user interfaces for controlling complex industrial processes. As a result, threat actors are able to "modify control variables without prior knowledge of a process," Mandiant says. Another trend of note is hacktivism, propelled by widely available and free tutorials online. Recently, the researchers have seen hacktivist groups bragging in anti-Israel/pro-Palestine social media posts that they have compromised Israeli OT assets in the renewable and mining sectors. Other low-skilled threat actors appear to be focused on notoriety, however, with little knowledge of what they are targeting. In two separate cases, threat actors bragged about hijacking a German rail control system -- only for it to be a command station for model train sets -- and in another, a group claimed they had broken into an Israeli "gas" system, but it was nothing more than a kitchen ventilation system in a restaurant. 


Evolutionary Architecture from an Organizational Perspective

Business and IT must work together to understand the business environment and adapt the architecture accordingly. Only then is the feedback loop between the new customer’s needs and a created solution short enough to evolve architecture in the right direction. The delivery team directly listens to the client’s needs and proposes a solution. Therefore, our architecture evolves naturally with the overall business. There isn’t an additional layer of communication that slows down accommodating the change. When the architecture doesn’t correspond to the business environment, we can remodel architecture much more quickly. Additionally, the delivery team works more closely with the clients. They understand their needs. Based on that, the evolution of the system becomes more business-oriented. We don’t create architecture for the sake of the architecture -- we create a spine for the overall business goal. This idea of empowered teams is shown in detail in the book Empowered by Marty Cagan and Chris Jones. A team is responsible for gathering clients’ needs, discovering the right solution, implementing it, and gathering feedback.



Quote for the day:

"Leaders must know where they are going if they expect others to willingly join them on the journey." -- Kouzes & Posner