The Chief Trust Officer Role Can Be the Next Career Step for CISOs
Many CISOs are already unofficially doing the work that comes with the CTrO
role, according to Pollard. They are doing customer-facing work, navigating
third-party risk management, and focusing on enterprise resilience. “CISOs that
spend more time on customer-facing activity, they are at companies that grow
faster,” Pollard asserted. “Cybersecurity touches revenue, and security leaders
that are able to carve out the time to focus on customer activity help drive
hyper growth.” CISOs who are driving growth for their companies are playing an
important part on the leadership team, and if they’ve been in the role for a
long enough time, it could be time to ask the question “What comes next?” CISOs
who have been in their position for 48 months are due for a title-level
promotion, according to Pollard. And CTrO is that next step. ... Through his
research, Pollard is seeing the CTrO role filled at a number of organizations.
Cisco has a chief trust officer. So does SAP. “We're not talking about small,
innovative startups. We're talking about goliath businesses that recognize the
importance of trust in what they do,” Pollard said.
How regulation of the metaverse could impact your business
The regulatory challenges faced by Web3 are currently much fresher, arguably
more nuanced and in some cases, urgent. It cannot be regulated as a single
entity, as its multitude of use cases demand a multitude of approaches. Specific
rules governing the security and availability of systems, finance, archives,
identity and IP rights will need to be set. The good news is that
policymakers could leverage Web3’s benefits to impose regulation. As it’s based
on decentralisation and automation, it’s not far-fetched to imagine the
technology being used to enforce and automate taxation, for
example. Currently, Web3 platforms like cryptocurrency exchanges
or NFT marketplaces aren’t standardised, with inconsistent UX and
language used to communicate concepts. Often, these platforms have little or no
duty to educate about safety or establish protections, and while platforms
like Coinbase and OpenSea do a good job here, it’s far from
the norm and scams are still commonplace owing to lack of understanding.
Private 5G drives sustainable and agile industrial operations
Looking at business outcomes such as sustainability and agility, the partners
regard industrial private 5G as an enabler of digital transformation in smart
manufacturing to help deliver connected worker applications, mobile asset
applications and untethered fixed industrial asset applications. The former are
seen as able to increase visibility and intelligence through mobile digital
tools, such as analytics, digital twins and augmented reality (AR), while mobile
asset applications increase agility and efficiency with autonomous vehicles,
such as automated guided vehicles (AGVs) and autonomous mobile robots (AMRs).
The consortium’s tests were run according to an established test plan provided
by Rockwell Automation with success criteria of zero faults. It outlined a
series of test cases to establish reliable Ethernet/IP standard and safety (CIP
Safety) I/O connections from a GuardLogix area controller, with a range of
requested packet interval (RPI) settings – the rate at which the controller and
the I/O exchange data – over the 5G RAN to the FLEX 5000 standard and safety
I/O.
Who Moved My Code? An Anatomy of Code Obfuscation
The best security experts will tell you that there’s never an easy, or a single
solution to protect your intellectual property, and combined measures,
protection layers and methods are always required to establish a good protective
shield. In this article, we focus on one small layer in source code protection:
code obfuscation. Though it’s a powerful security method, obfuscation is often
neglected, or at least misunderstood. When we obfuscate, our code becomes
unintelligible, thus preventing unauthorized parties from easily decompiling, or
disassembling it. Obfuscation makes our code impossible, (or nearly impossible),
for humans to read or parse. Obfuscation is, therefore, a good safeguarding
measure used to preserve the proprietary of the source code and protect our
intellectual property. To better explain the concept of obfuscation, let’s take
“Where’s Waldo” as an example. Waldo is a known illustrated character, always
wearing his red and white stripy shirt and hat, as well as black-framed
glasses.
Should security systems be the network?
The appeal and real benefits of having the security systems be the whole network
are clearest for smaller and midsized companies. They are more likely to have
uniform and relatively simple needs, and also to have thinner staffing. They are
more likely to have difficulty affording, attracting, and retaining the talent
they need in both security and networking. So, having just one platform to
become expert in, one platform to train new staff on or to outsource the
management of lets them make the most of the staff they have. The benefits are
less clear for larger company. These tend to have more complex environments and
requirements, and are less likely to tolerate the risks of monoculture given
they are better able to staff for and support a blended ecosystem. So, should
security systems be the network? For smaller organizations, it looks viable with
the caveats outlined above. For most larger organizations, I think the answer is
currently no. Instead, they should focus on making their network systems a
bigger part of the security infrastructure.
Democratization Is The Key To Upskill At Work And Improve ROI
Creating actionable data and analytics programs to educate employees is one of
the most effective ways to bridge the skills gap. We have seen successes with
executive-sponsored datathons or when companies gamify their learning
experience. We also think it’s important for technical data experts to act as
mentors to knowledge workers with domain expertise and guide them through the
analytics process. We believe this collaboration between technical experts and
domain experts will help organizations achieve breakthroughs with their data
faster. Finally, analytics needs to be easy, not complex. Organizations should
invest in technologies that move away from being highly dependent on writing
code. ... Data and analytics generate ROI in many ways. First are the time
savings. Organizations that shift from spreadsheet-based processes save several
hours per week, sometimes up to a third of their time per worker – multiply this
by all the domain experts and knowledge workers still stuck in spreadsheets and
you’ve got some serious time savings. This is just the tip of the iceberg.
Top cybersecurity threats for 2023
Disgruntled employees can sabotage networks or make off with intellectual
property and proprietary information, and employees who practice poor security
habits can inadvertently share passwords and leave equipment unprotected. This
is why there has been an uptick in the number of companies that use social
engineering audits to check how well employee security policies and procedures
are working. In 2023, social engineering audits will continue to be used so IT
can check the robustness of its workforce security policies and practices. ...
Cases of data poisoning in AI systems have started to appear. In a data
poisoning, a malicious actor finds a way to inject corrupted data into an AI
system that will skew the results of an AI inquiry, potentially returning an AI
result to company decision makers that is false. Data poisoning is a new attack
vector into corporate systems. One way to protect against it is to continuously
monitor your AI results. If you suddenly see a system trending significantly
away from what it has revealed in the past, it’s time to look at the integrity
of the data.
Corporate execs confident on sustainability goals, admit more work needed
Efforts to achieve sustainability goals can broadly be grouped into several
areas: green resources procurement, which includes sustainable energy and water;
operational efficiency, which includes the IT value chain, supply chain and
other scope 3 emission sources that make up 40% of all greenhouse gas emissions;
and end of lifecycle, including circular economy or recycling products to create
new ones. For example, data centers and cloud industries tend to focus on green
energy procurement (since they use a lot of energy to power data centers) as
well as operational efficiency to reduce power usage, according to Abhijit
Sunil, a senior analyst with Forrester Research. “Standards are certainly
evolving, and more and more organizations are held accountable for their
commitments and how they take action towards it,” Sunil said. For example, Sunil
noted, government scrutiny will continue to increase, holding more
“greenwashers” accountable. Greenwashers are companies that deceptively purport
that their products, aims and policies are environmentally friendly.
The office of 2023: Top workforce trends that will shape the year ahead
Roderick believes an overarching theme for the workplace in 2023 will be
adjusting how employees work remotely. He says there could be an uptick in
surveillance for remote workers that will allow managers to observe
productivity, and executives could enforce return-to-office mandates as a
reaction to a slowdown in business. ... "The world of work has been through huge
changes since the pandemic, and it would be good not to see the positives of
this change undone by a recession." Silverglate believes that technology, office
redesign, and sustainability will all propel hybrid and remote working in 2023.
Video conferencing became a staple in work-from-home practices, but VR is
emerging to make the experience more immersive and productive. "When many are in
person and a team member needs to be virtual, VR technology can truly reduce the
perceived gap between the two, which is one of the largest complaints I've heard
about the challenges of traditional video-conferencing technology as it relates
to hybrid teams," he says.
From Async Code Reviews to Co-Creation Patterns
/filters:no_upscale()/articles/co-creation-patterns-software-development/en/resources/61-1667592466401.jpeg)
The way it goes is that once a developer thinks they are done with coding, they
invite other team members to review their work. This is nowadays, typically done
by raising a Pull Request and inviting others for a review. But, because
reviewers are busy with their own work items and a plethora of other things
happening in the team, they are not able to react immediately. So, while the
author is waiting for a review, they also want to feel productive, thus they
start working on something else instead of twiddling their thumbs and waiting
for a review. Eventually, when reviewer(s) become available and provide feedback
on the PR and/or ask for changes, the author of the PR is then not available
because they are busy with something else. This delayed ping-pong communication
can extend over several days/weeks and a couple of iterations, until the author
and reviewer(s) converge on a solution they are both satisfied with and which
gets merged into the main branch.
Quote for the day:
"How was your day? If your answer was
"fine," then I don't think you were leading" -- Seth Godin
