IT Talent Crunch Shifts Tech Investment Strategies
Prasad Ramakrishnan, CIO at Freshworks, points out that low- and no-code tools enable businesses to do more with less, and the easy-to-use, configuration-based user experience of these tools means anyone can use them. He adds tech stacks have become bloated and complex, with features end users typically don't care about. “In an attempt to check every box, technology went from being purpose-built, to tailored to no one,” he says. “The pandemic has made this trend more pronounced.” Ramakrishnan conducts an “app rationalization” exercise regularly with his team, evaluating software applications in terms of integrations needed, their security, whether they are being used (to retire if needed) and how much they are being used (to reduce licenses if needed). “Constantly audit your tech stack,” he advises. “We also involve the end user to make sure everyone is part of the process, akin to a democratized process.” From his perspective, leaders need to create space for end-user feedback -- without it, companies could be taking away valuable tools that employees use and leave them with bloated applications they never use.
Why Investors & Founders Need To Embed Corporate Governance
There have been numerous tweets and posts about governance, the blame game, and
other topics. Governance, in my opinion, begins with the founders and senior
management. The investors/board have no way of knowing about fraud or any of the
aforementioned issues because they are not involved in the day-to-day
operations. However, once discovered, the board of directors and investors are
responsible for resolution. Consider the case of a company in the news: many
prominent Sillicon Valley and New York-based investors participated despite the
fact that one of the cofounders was convicted of identity theft. If they believe
in second chances, why not make this cofounder a full-fledged director of the
company? There is also the role of regulatory bodies such as the RBI, given that
some of these startups (particularly fintech) are governed by them because they
have a stake in a bank. Laws and regulations that encourage collaboration to
ensure there is no “conflict” or, for example, our regulations make it
impossible for investors to liquidate and take their money back.
Introduction to SOLID Principles of Software Architecture
Per the Single Responsibility Principle, every class should not have more than
one responsibility, (i.e., it should have one and only one purpose). If you have
multiple responsibilities, the functionality of the class should be split into
multiple classes, with each of them handling a specific responsibility. ... When
classes are open for extension but closed for modification, developers can
extend the functionality of a class without having to modify the existing code
in that class. In other words, programmers should make sure their code can
handle new requirements without compromising on the existing functionality.
Bertrand Meyer is credited with introducing this principle in his book entitled
“Object-Oriented Software Construction.” According to Meyer, “a software entity
should be open for extension but closed for modification.” The idea behind this
principle is that it allows developers to extend software functionality while
preserving the existing functionality. In practical terms, this means that new
functionality should be added by extending the code of an existing class rather
than by modifying the code of that class.
The Uber Hack’s Devastation Is Just Starting to Reveal Itself
“It’s disheartening, and Uber is definitely not the only company that this
approach would work against,” says offensive security engineer Cedric Owens of
the phishing and social engineering tactics the hacker claimed to use to breach
the company. “The techniques mentioned in this hack so far are pretty similar to
what a lot of red teamers, myself included, have used in the past. So,
unfortunately, these types of breaches no longer surprise me.” The attacker, who
could not be reached by WIRED for comment, claims that they first gained access
to company systems by targeting an individual employee and repeatedly sending
them multifactor authentication login notifications. After more than an hour,
the attacker claims, they contacted the same target on WhatsApp pretending to be
an Uber IT person and saying that the MFA notifications would stop once the
target approved the login. Such attacks, sometimes known as “MFA fatigue” or
“exhaustion” attacks, take advantage of authentication systems in which account
owners simply have to approve a login through a push notification on their
device rather than through other means, such as providing a randomly generated
code.
Does your password policy align with NIST recommendations?
“NIST outlines several simple steps to strengthen passwords against modern
password-based attacks. Organizations that ignore NIST’s recommendations are
leaving an essential authentication security layer vulnerable,” notes Josh
Horwitz, chief operating officer at Enzoic. ... As hacking threats increase
and many IT teams are understaffed, upgrading your password policy may seem
like a nice-to-have. However, password hardening is easy to do, leverages the
existing investment in passwords and, unlike most security policies, actually
makes things easier for users and administrators. The right solution reduces
user frustration around frequent required resets and complex rules. Technology
can also lower administrative burden and spend by using automation to reduce
password reset calls and boost cybersecurity. Adopting modern technology such
as Enzoic for Active Directory can help you avoid security breaches, prevent
ransomware attacks and avoid account takeovers. “Organizations need a way to
identify when passwords become compromised,” says Horwitz, adding, “Otherwise,
their users and administrators can’t follow or enforce the NIST requirement to
not reuse compromised passwords.”
Cybersecurity as an employee benefit
Many business leaders and human resources professionals believe that
cybersecurity is the responsibility of their information technology staff and
managed services provider. However, ensuring that employees and their families
have appropriate cybersecurity protection is an employee benefit that benefits
employers as well. Mistakes, lack of awareness and general vulnerability of
employees remains the most significant cyber security risk for most employers.
Simply training employees about cyber threats typically fails to reduce that
risk sufficiently. To have a truly cyber-mature workforce, employers need to
engage employees in cybersecurity. Teaching employees about the threats to
themselves and their families, and making personal protection services
available to them, is a much better method to engage employees in
cybersecurity. Cybersecurity training is not most people’s idea of a good
time. However, employees sit up and take notice when trainers talk to them
about the prevalence and severity of the cyber threats to themselves
personally, including their identities, credit files, financial accounts,
personal devices and home networks.
Meta, TikTok, YouTube and Twitter dodge questions on social media and national security
Whistleblowers and industry have repeatedly raised alarms about inadequate
content moderation in other languages, an issue that gets inadequate attention
due to a bias toward English language concerns, both at the companies
themselves and at U.S.-focused media outlets. In a different hearing
yesterday, Twitter’s former security lead turned whistleblower Peiter “Mudge”
Zatko noted that half of the content flagged for review on the platform is in
a language the company doesn’t support. Facebook whistleblower Frances Haugen
has also repeatedly called attention to the same issue, observing that the
company devotes 87% of its misinformation spending to English language
moderation even though only 9% of the platform’s users speak English. In
another eyebrow-raising exchange, Twitter’s Jay Sullivan declined to
specifically deny accusations that the company “willfully misrepresented”
information given to the FTC. “I can tell you, Twitter disputes the
allegations,” Sullivan said, referring to testimony from the Twitter
whistleblower on Tuesday.
5 steps to designing an embedded software architecture, Step 1
First, they are not very portable. For example, what happens if a
microcontroller suddenly becomes unavailable? (Chip shortage, anyone?). If the
code is tightly coupled, attempting to move the application code to run on a
new microcontroller becomes a herculean effort. Application code is tightly
coupled to low-level hardware calls on the microcontroller! I know a lot of
companies who have suffered through this recently. If they didn’t update their
architecture, they had to go back through all their code and change every line
that interacted with the hardware. The companies that updated their
architecture broke their architecture coupling through abstractions and
dependency injection. Second, unit testing the application in a development
environment rather than on the target hardware is nearly impossible. If the
application code makes direct calls to the hardware, a lot of work will go
into the test harness to successfully run that test, or the testing will need
to be done on the hardware. Testing on hardware is slow and is often a manual
rather than an automated process.
The promise of sustainable AI may not outweigh the organizational challenges
Without help from technology, outlining sustainability goals would be a
limiting and difficult exercise. Enterprises today struggle with quantifying
the risk of climate change, especially when it comes to digital
transformation. In fact, only 43% of global executives say they are aware of
their organization’s IT footprint. Data analytics and AI offer a solution to
this challenge, as they provide meaningful insights across industries to
understand where those gaps exist and thus can help companies incorporate more
sustainable practices. Research shows that 89% of organizations recycle less
than 10% of their IT hardware. However, if a company is to truly reap all the
environmental benefits of sustainable AI, IT must play a crucial role in using
this technology as the organization’s biggest helper, not its adversary. There
are four broad areas that offset the sustainability impact of AI machinery and
technology: reporting, cloud, circular economy, and coding. Accurate metrics
and reporting will keep the AI systems intact and constantly improving, while
cloud promotes sustainability because users only pay for the infrastructure
per use, eliminating the need to run data centers at full threshold.
Measuring performance in agile
It’s really easy to destroy the culture of an agile team with metrics. We need
to be sure that what we measure encourages the right behaviour. Using a team’s
velocity as a performance measurement comes with a strong warning label:
“Scrum’s team-level velocity measure is not all that meaningful outside of the
context of a particular team. Managers should never attempt to compare
velocities of different teams or aggregate estimates across teams.
Unfortunately, we have seen team velocity used as a measure to compare
productivity between teams, a task for which it is neither designed nor
suited. Such an approach may lead teams to “game” the metric, and even to stop
collaborating effectively with each other. In any case, it doesn’t matter how
many stories we complete if we don’t achieve the business outcomes we set out
to achieve in the form of program-level target conditions” We’ve all heard
about working smarter, not harder, yet by focusing on story points as a
measurement, we find that although in the short term we will succeed at
getting people to complete more story points by simply working harder, this
approach will not necessarily achieve the outcomes that we want.
Quote for the day:
"Nobody in your organization will be
able to sustain a level of motivation higher than you have as their leader."
-- Danny Cox
