What is becoming more apparent is that the location where most generative AI systems will reside (public cloud platforms versus on-premises and edge-based platforms) is still being determined. Vellante’s article points out that AI systems are running neck-and-neck between on-premises and public cloud platforms. Driving this is the assumption that the public cloud comes with some risk, including IP leakage, or when better conclusions from your data appear at the competition. Also, enterprises still have a lot of data in traditional data centers or on edge computing rather than in the cloud. This can cause problems when the data is not easily moved to the cloud, with data silos being common within most enterprises today. AI systems need data to be of value, and thus it may make sense to host the AI systems closest to the data. I would argue that data should not exist in silos and that you’re enabling an existing problem. However, many enterprises may not have other, more pragmatic choices, given the cost of fixing such issues. 

One of the big opportunities for Australia in this space will be its close relationship with the United States. Because of the sheer value of quantum computing research and technology across both military and civilian IP, nations tend to be more circumspect about sharing information in comparison to conventional technology. The downside to this is that it means the U.S. isn’t able to draw on the same global pool of talent that it’s used to. A shortage of talent isn’t such a major issue in regular computing fields because global talent tends to pool and openly share information. ... “As other nations push forward, Australia risks missing out on the potential economic benefits,” a report by the University of Sydney notes. “We could also lose talented workers to countries that are investing more in quantum research. “Projects like the ambitious attempt to build the world’s first complete quantum computer aim to provide local opportunities and funding alongside their top-line goals. Moreover, Australia has a responsibility to ensure quantum technologies are developed and used ethically, and their risks managed.”

Streaming AI is about continuously training ML models using real-time data, sometimes with human involvement. The incoming data streams from many sources are analyzed, combined with contextual information, and matched against features that carry condensed information and intelligence specific to the given problem. ML algorithms continually generate these features using the most current data available. On the other hand, as noted earlier, generative AI focuses on generating responses based on a “seed” and then a pattern for finding the next thing to tack on. This works to generate content that conforms to certain parameters the Model has “learned.” It is bounded, but not in a way that the boundaries can be easily understood. Until the recent rise of LLMs, considerable effort was invested in making ML models explainable to humans. The question was: how does the model arrive at its result? The “I have no idea” response is hard for humans to accept. In the made-up legal case citations example, the LLM program generated a motion that argued a point, but when asked to explain or validate its path, it just made some stuff up.

Enter cyber insurance, a safety net that offers organisations a way to mitigate the financial impact of these cyber incidents. However, navigating the complex landscape of cyber insurance is no small feat. This is where the Chief Information Security Officer (CISO) comes into play. As the vanguard of an organisation’s Cybersecurity efforts, the CISO not only ensures that digital fortresses are robust but also plays a pivotal role in the realm of cyber insurance. Their expertise and insights are instrumental in assessing risks, selecting the right coverage, and ensuring that the organisation gets the most out of its policy. In essence, the CISO bridges the gap between the technical world of cybersecurity and the financial realm of insurance, ensuring that businesses are both well protected and well insured. ... As the primary custodian of an organisation’s cybersecurity posture, the CISO is responsible for conducting a thorough risk assessment. This involves identifying potential vulnerabilities, assessing the potential impact of different types of cyber incidents, and estimating the financial costs associated with these incidents.

In recent weeks and months, we have seen opportunities arise, often provided by academia and government, to improve cyber education. However, some parts of Africa are still without decent levels of electricity. So, is the dream of cyber education for all unattainable? ... Despite this, Africa-based data security analysts point out that a dearth of qualified technicians coupled with a lack of investment in cybersecurity has been the direct contributor to a growth in the amount and scale of successful cyberattacks. In fact, according to research from IFC and Google, Africa’s e-economy is expected to reach $180 billion by 2025, but its lack of security support could halt that growth. Most of these campaigns are based upon spam or phishing efforts derived from information garnered from open source intelligence (OSINT), which is often more effective against a remote workforce that may be more exposed to attack techniques while outside of the technical and administrative controls of traditional office work.

Organizations with an established partnership between the CISO and CMO tend to outperform their competitors. This collaboration allows for a cohesive approach to risk management and brand protection, resulting in increased customer trust and loyalty. Organizations that view the CISO purely as a technical operational leader often struggle with cybersecurity initiatives and fail to align security measures with business goals. This approach limits the potential for strategic contributions from the CISO in driving revenue growth and defending value. On the other hand, organizations that integrate the CISO into the go-to-market strategy leverage their expertise to address security concerns proactively, enhancing customer trust and differentiating themselves from competitors. By combining security practices with marketing efforts, these organizations can communicate their commitment to data protection and establish a competitive advantage in terms of trustworthiness. Effective CISOs have a seat at the executive table, allowing them to more directly align security initiatives with business outcomes. 

Machine unlearning is the process of erasing the influence specific datasets have had on an ML system. Most often, when a concern arises with a dataset, it’s a case of modifying or simply deleting the dataset. But in cases where the data has been used to train a model, things can get tricky. ML models are essentially black boxes. This means that it’s difficult to understand exactly how specific datasets impacted the model during training and even more difficult to undo the effects of a problematic dataset. OpenAI, the creators of ChatGPT, have repeatedly come under fire regarding the data used to train their models. A number of generative AI art tools are also facing legal battles regarding their training data. Privacy concerns have also been raised after membership inference attacks have shown that it’s possible to infer whether specific data was used to train a model. This means that the models can potentially reveal information about the individuals whose data was used to train it.

Unit tests fare much more poorly with this metric than most people realize. The first problem is that they often don’t provide useful information about the actual state of the system under review. When unit tests are written as acceptance tests, they are often intricately coupled with the specific implementation. They will only fail if the implementation changes, not when changes break the system (e.g., verifying the value of a class constant). Using acceptance tests as regression tests must be done intentionally and thoughtfully, deleting everything that does not provide useful information about the system’s behavior. Another major problem with unit tests is that to test the inputs of one method, you often need to mock out the responses from other methods. When you do this, you are no longer testing the system you have, you are testing a system that you assumed you had in the past. The system can break and a unit test will not fail because it had an assumption that an input would be received that the real-world system no longer supplies. 

Cybersecurity risk management and information governance are complex and gritty subjects which can be hard to follow for the uninitiated. Boardrooms aren’t the place for the ins and outs of the issue at hand. Learning to communicate effectively is possibly the single most important skill for aspiring and ambitious CISOs. Throughout history, great leaders have demonstrated an excellent ability to communicate, bringing people on a journey with them and gathering support along the way. This is not about dumbing down or glossing over the important parts. Rather, it’s about honing a fundamental business skill: being able to make a compelling argument clearly and concisely. You need to be able to translate critical cybersecurity information into business objectives. Cybersecurity risk management is a regulated requirement. Board directors, officers and senior management can be held liable for the decisions they make around cybersecurity risks and incidents. Clear and effective communication is critical in supporting organisations to make the right decisions that could be later relied upon to protect its people.

---

Quote for the day:

"Added pressure and responsibility should not change one's leadership style, it should merely expose that which already exists." -- Mark W. Boyer

---