May 26, 2024
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
To showcase the value of their programs and demonstrate effectiveness, CISOs must establish clear communication and overcome the disconnect between the board and their team. It’s up to the CISO to ensure the board understands the level of cyber risk their organization is facing and what they need to increase the cyber resilience of their organization. Presenting cyber risk levels in monetary terms with actionable next steps is necessary to bring the board of directors on the same page and open an honest line of communication, while elevating their cybersecurity team to the role of value creator. ... CISOs are deeply wary about sharing too many details on their cybersecurity posture in the public domain, because of the unnecessary and preventable risk of exposing their organizations to cyberattacks, which are expected to cause $10.5 trillion in damages by 2025. Filing an honest 10K while preserving your organization’s cyber defenses requires a delicate balance. We’ve already seen Clorox fall victim when the balance was off. ... Given the pace at which the cybersecurity landscape is continuing to evolve, the CISO’s job is getting tougher.
In an appearance on the “All-In” podcast, Altman said that he “definitely [doesn’t] think there will be an arms race for [training] data” because “when models get smart enough, at some point, it shouldn’t be about more data — at least not for training.” Elsewhere, he told MIT Technology Review’s James O’Donnell that he’s “optimistic” that OpenAI — and/or the broader AI industry — will “figure a way out of [needing] more and more training data.” Models aren’t that “smart” yet, leading OpenAI to reportedly experiment with synthetic training data and scour the far reaches of the web — and YouTube — for organic sources. But let’s assume they one day don’t need much additional data to improve by leaps and bounds. ... Through licensing deals, OpenAI effectively neutralizes a legal threat — at least until the courts determine how fair use applies in the context of AI training — and gets to celebrate a PR win. Publishers get much-needed capital. And the work on AI that might gravely harm those publishers continues.
A newer way of thinking about value creation focuses on IT, he says, because nearly every company, perhaps even the mom-and-pop coffee shop down the street, is a heavy IT user. “With this third wave, we’re seeing private equity firms retain in-house IT leadership, and that in-house IT leadership has led to more value creation,” Buccola says. “Firms with great IT leadership, a sound IT strategy, and a forward-thinking IT strategy, are creating more value.” ... “All roads lead to IT,” says Corrigan, a veteran of PE-backed firms, with World Insurance backed by Goldman Sachs and Charlesbank. “Every aspect of the business is dependent on some type of technology.” Corrigan sees CIOs being more frequently consulted when PE-backed firms look to IT systems to drive operational efficiencies. In some cases, cutting costs is a quicker path to return on investment than revenue growth. “Every dollar you can cut out of the bottom line is worth several dollars of revenue generated,” he says. ... “The modern CIO in a private equity environment is no longer just a back-office role but a strategic partner capable of driving the business forward,” he says.
When it comes to testing, many people seem to have the world view that hard-to-maintain tests are the norm and acceptable. In my experience, the major culprits are BDD frameworks that are based on text feature files. This is amplifying waste. The extra feature file layer in theory allows: the user to swap out the language at a later date; a business person to write user stories and/or acceptance criteria; a business person to read the user stories and/or acceptance criteria; collaboration; etc. You have actually added more complexity than you think, for little benefit. I am explicitly critiquing the approach of writing the extra feature file layer first, not the benefits of BDD as a concept. You test more efficiently, with better results not writing the feature file layer, such as with Smart BDD, where it’s generated by code. Here I compare the complexities and differences between Cucumber and Smart BDD. ... Culture is hugely important, I’m sure we and our bosses and senior leaders would all ultimately agree with the following: For more value, you need more feedback and less waste; for more feedback, you need more value and less waste; for less waste, you need more value and more feedback.
There have been calls for regulatory harmonization. For example, the Biden-Harris Administration’s National Cybersecurity Strategy released last year calls for harmonization and streamlining of new and existing regulations to ease the burden of compliance. But in the meantime, enterprise leadership teams must operate in this complicated regulatory landscape, made only more complicated by budgetary issues. “Security budgets aren't growing for the most part. So, there's this tension between diverting resources to security versus diverting resources to compliance … on top of everything else that the CISOs have going on,” says Algeier. So, what should CISOs and enterprise leadership teams be doing as they continue to work under these SEC rules and other regulatory obligations? “CISOs should keep in mind the ability to quickly, easily, and efficiently fulfill the requirements laid out by the SEC, especially if they were to fall victim to an attack,” says Das. “This means having not only the right processes in place, but investments into tools that can ensure reporting occurs in the newly condensed timeline.”
“While regulations are driving strategy shifts and increased budgets, the talent shortage and fragmented infrastructure remain obstacles to compliance and resilience. To succeed, organizations must find the right balance between human expertise for complex situations and AI-enhanced automation tools for routine tasks. This will alleviate operational strain and ensure security professionals can focus on the parts of the job where human judgment is irreplaceable.” ... 93% of organizations report rethinking their cybersecurity strategy in the past year due to the rise of new regulations, with 58% stating they have completely reconsidered their approach. The strategy shifts are also impacting the roles of cybersecurity decision-makers, with 45% citing significant new responsibilities. 92% of organizations reported an increase in their allocated budgets. Among these organizations, a significant portion (36%) witnessed budget increases of 20% to 49%, and a notable 23% saw increases exceeding 50%.