Meet the New DevSecOps
AI-powered DevSecOps for the enterprise merges AI capabilities that evolved
separately until now:AI-powered software delivery workflows enable software
delivery processes to automate large-scale programs like app modernization and
cloud migrations. AI-based code governance helps developers use code-assist and
other generative AI tools to speed up the writing, checking and optimizing of
traditional code. Predictive intelligence applies machine learning
algorithms to data across the entire software development and delivery life
cycle (SDLC) so managers gain earlier software delivery insights in order to
forecast capacity, foresee risks and respond to changes. The reality is that
when AI solutions are implemented — often in piecemeal fashion among smaller
teams — they add to the clutter of siloed and fragmented tools, methods and
processes that will eventually bite back on the short-lived perception of
“progress.” A truly systemic approach to DevSecOps that merges and leverages AI
capabilities at scale is one of the most important adjustments an enterprise can
make for a lasting advantage in today’s AI-augmented world.
Navigating Data Management At a Strategic & Tactical Level
In Mexico, the biggest challenge is determining the part of the data management
strategy to focus on first. Some data integration strategies seek to purchase
technology in the hope that it will solve all their problems. However, it is
essential to first organize the data before attempting to solve everything in a
single move or through a single technology. Before developing a Master Data
Management (MDM) strategy, companies must first sit down and identify what they
want from it. The data strategy should come from the top of the organization
because it will require a cultural shift to implement it correctly. ... Having
technological expertise alone is not enough to help the client capitalize on the
collected data. Alldatum focuses on the human side of technology, which is
sometimes overlooked. We want to help clients extract value from information
because if they succeed in their data strategies, their company will grow and
they will make better decisions. If they make better decisions, there will be
more job opportunities, which will positively impact the country's economy.
The impact of artificial intelligence on software development? Still unclear
It's common for experts to suggest these days that AI will deliver significant
boosts to software development and deployment productivity, along with
developer job satisfaction. "So far our survey evidence doesn't support this,"
the report's authors, Derek DeBellis and Nathen Harvey, both with Google,
state. "Our evidence suggests that AI slightly improves individual well-being
measures -- such as burnout and job satisfaction -- but has a neutral or
perhaps negative effect on group-level outcomes such as team performance and
software delivery performance." These flat findings are likely due to the fact
that we're still at the early stages of AI adoption, they surmise: "There is a
lot of enthusiasm about the potential of AI development tools, as demonstrated
by the majority of people incorporating at least some AI into the tasks we
asked about. But we anticipate that it will take some time for AI-powered
tools to come into widespread and coordinated use in the industry."
Quantum risk is real now: How to navigate the evolving data harvesting threat
The real emphasis of HNDL threats is on high-value, long-term data assets like
trade secrets or intellectual property, which are passively harvested from
large-scale data access points rather than personal WiFi hotspots. In essence,
if a device is likely to possess important actionable information of near-term
value, it’s more likely to be attacked immediately rather than be subjected to
a longer-term HNDL strategy. Given the sensitive nature of the data at stake —
from personal information to state secrets — the HNDL risk poses a severe
threat. ... Understanding quantum security is essential in mitigating the risk
of HNDL attacks. Once asymmetric encryption, which is currently not
quantum-safe, is broken, session keys and symmetric keys will be exposed.
Therefore, mitigation involves either using quantum-secure encryption or
eliminating the transmission of encryption keys altogether. It’s essential to
clear up a common misconception: While Advanced Encryption Standard (AES) is
often touted as quantum-safe, the security of AES often hinges on the RSA
mechanism — a type of asymmetric encryption — used to distribute its keys,
which is not quantum-safe.
What is a data architect? Skills, salaries, and how to become a data framework master
Data architects are senior visionaries who translate business requirements
into technology requirements and define data standards and principles, often
in support of data or digital transformations. The data architect is
responsible for visualizing and designing an organization’s enterprise data
management framework. This framework describes the processes used to plan,
specify, enable, create, acquire, maintain, use, archive, retrieve, control,
and purge data. The data architect also “provides a standard common business
vocabulary, expresses strategic requirements, outlines high-level integrated
designs to meet those requirements, and aligns with enterprise strategy and
related business architecture,” according to DAMA International’s Data
Management Body of Knowledge. ... The data architect and data engineer roles
are closely related. In some ways, the data architect is an advanced data
engineer. Data architects and data engineers work together to visualize and
build the enterprise data management framework. The data architect is
responsible for visualizing the “blueprint” of the complete framework that
data engineers then build.
How Agile Teams Can Improve Predictability by Measuring Stability
The stability metric, Ψ, is a really simple calculation that can be done on
the back of an envelope. It has two inputs: the arrival rate, λ, and the
service rate, μ. The arrival rate is the number of PBIs added to a system in a
period of time. The service rate, μ, is the number of PBIs successfully done
by the team in the same period of time. With these two inputs you can
calculate the dimensionless Ψ by just dividing the service rate by the arrival
rate. When Ψ is less than one, the system is unstable; when it is greater than
one, it is stable, and when it is equal to one it is optimally stable. When Ψ
is equal to one, the average arrival rate is equal to the average service rate
and Little’s law applies. In this state, the backlog is neither growing nor
shrinking over time and the average time an item will spend before it is done
can be calculated by dividing the total number of items in the system, L, by
the arrival rate, λ. When Ψ is less than one, then items are arriving faster
than they can be dealt with and the backlog is growing.
DarkGate Operator Uses Skype, Teams Messages to Distribute Malware
Trend Micro's analysis showed that once DarkGate is installed on a system, it
drops additional payloads. Sometimes those are variants of DarkGate itself or
of Remcos, a remote access Trojan (RAT) that attackers previously haveused for
cyber-espionage surveillance and for stealing tax-related information. Trend
Micro said it was able to contain the DarkGate attacks it observed before any
actual harm came to pass. But given the developer's apparent pivot to a new
malware leasing model, enterprise security teams can expect more attacks from
varied threat actors. The objectives of these adversaries could vary, meaning
organizations need to keep an eye out for threat actors using DarkGate to
infect systems with different kinds of malware. While the attacks that Trend
Micro observed targeted individual Skype and Teams recipients, the attacker's
goal clearly was to use their systems as an initial foothold on the target
organization's networks. "The goal is still to penetrate the whole
environment, and depending on the threat group that bought or leased the
DarkGate variant used, the threats can vary from ransomware to cryptomining,"
according to Trend Micro.
Managing a Freelance Data Science Team
Freelance data scientists are a unique breed. They combine the technical
skills of a data scientist with the entrepreneurial mindset of a freelancer.
They are highly self-motivated, disciplined, and adaptable, able to navigate
the uncertainties of freelance work while maintaining a high level of
professional expertise. In terms of technical skills, freelance data
scientists typically have advanced degrees in fields like statistics, computer
science, or data science, and have a deep understanding of machine learning
algorithms, statistical modeling, data visualization, and programming
languages like Python and R. They are also adept at using data science tools
and platforms like Hadoop, Spark, and Tableau. However, what sets freelance
data scientists apart is their ability to operate independently. They are
comfortable with remote work, adept at managing their time, and capable of
maintaining strong relationships with clients. They are also often more
up-to-date with the latest industry trends and technologies, as they need to
constantly upskill to remain competitive.
Researchers: The Future of AI Is Wide, Deep, and Large
In their research, the team considered the relationship between deep and wide
neural networks. Using quantitative analysis, they found that deep and wide
networks can be converted back and forth on a continuum. Using both will give
a bigger picture and avoid bias. Their research hints at the future of machine
learning, in which networks are both deep and wide and interconnected with
favorable dynamics and optimized ratios between width and depth. Networks will
become increasingly complicated, and when dynamics reach the desired states,
they will produce amazing outcomes. “It’s like playing with LEGO bricks,” said
Wang. “You can build a very tall skyscraper or you can build a flat large
building with many rooms on the same level. With networks, the number of
neurons and their interconnection are the most important. In 3D space, neurons
can be arranged in myriad ways. It’s just like the structure of our brains.
The neurons just need to be interconnected in various ways to facilitate
diverse tasks.”
Why we need to focus AI on relationships
Granted, you also need to onboard the AI to make sure employees trust the tool
and will use it. This can be problematic, given that many employees fear that
AI will replace them. A Harvard Business Review article provided guidance on
how to do this properly, suggesting that the AI be set up to succeed following
known successful procedures first and then advancing the interaction as the
employee becomes comfortable with the tool. In other words, you start by
making the AI into an assistant that enhances and helps the employee, then
allow it to become a monitor/mentor as it provides real-time feedback on how
the employee is interacting with others in the company. The next phase is the
coach, where the AI becomes proactive and able to provide more detailed
feedback at times of the employee’s choosing, with the final phase being that
the AI becomes a teammate, able to autonomously do things on behalf of the
human/AI team. During this evolution of the personal AI, the employee trains
the AI and the AI trains the employee, so they become two parts of a more
productive team.
Quote for the day:
"Leadership is absolutely about
inspiring action, but it is also about guarding against mis-action." --
Simon Sinek
