Cybersecurity 1 – Beware – the hackers don’t go home at 5…

Cybersecurity 1 – Beware – the hackers don’t go home at 5…

The hackers don’t go home at 5…

Businesses have gone digital – staying paper based is no longer an option. A business’s data is one of its most valued assets. We see large enterprises implementing comprehensive cybersecurity frameworks.

Small business and cybersecurity

How do these cybersecurity steps scale to a small business (say less than 25 employees, less than €1m turnover)? If you have digital assets you need to protect them.  But where to start?

You are another target on the web for any hacker out there.  The implications for you of any such attack may range from financial losses to reputational damage to closure of your business.  You may not have the resources available to you to recover from a significant cybersecurity attack. And insurance is not the answer (even if you can get it and can afford it).

Cybersecurity risks

What are the cybersecurity risks your business?

  • Ransomware Attacks: Malicious software that locks you out of your system and data until you pay a ransom.
  • Phishing Scams: Efforts to steal sensitive information via emails and messages.
  • Insider Threats: Risks from you employees or your contractors misusing their access on your systems to harm your business.
  • Supply Chain Vulnerabilities: Cyber risks in respect of third-parties on whom you depend e.g. service providers, software providers, etc

You need to:

  • understand the significance of cybersecurity and the emerging risks to your business, and
  • implement robust protective measures to safeguard your assets and the continuity of your business

There are a number of excellent frameworks to assist you in developing a comprehensive cybersecurity defence.  And there is an ever-increasing list of vendor products.  But what should you do first?

Top 7 Cybersecurity Recommendations

  1. Strong Password Policies and Multi-Factor Authentication (MFA) – Use complex passwords and MFA to secure user identities and enhance defense mechanisms.
  2. Regular Updates and Patches – Maintain up-to-date software and operating systems to protect against known vulnerabilities – apply patches on a timely basis
  3. Employee Cybersecurity Training – Raise awareness with all your employees and contractors on cybersecurity best practices, including recognising phishing attempts and the requirement to protect sensitive data.
  4. Regular Data Backups – Backup critical business data in a secure, off-site location to minimise the impact of data loss.
  5. Comprehensive Security Suite  – Deploy security software offering including: antivirus, anti-malware, firewall, and web filtering – to protect against various threats.
  6. Limit Access to Sensitive Information (‘need to know’) – Apply the principle of least privilege, ensuring that employees have access only to the data necessary for their jobs.
  7. Incident Response Plan – Develop a plan to address potential cyber incidents and regularly conduct drills to test scope and readiness.

Is this all?

No – and far from it.  But, in the first instance, make sure you have these seven steps covered off. 

Lots more to be considered – including the various frameworks (ISO 27001, CIS Controls, NIST Cybersecurity Framework), Zero Based Trust, End Point Security, Security Incident and Event Management (‘SIEM’), Security Operations Centres. 

You depend on your information systems.  Your employees, customers, partners, regulators, shareholders have expectations of you with respect to protecting these assets. When you go home the hackers don’t. Review the seven steps as an immediate initiative – then a broader risk assessment may inform/ direct further actions

 

 

Thinking AI – why is AI so hot? (AI -1)

Thinking AI – why is AI so hot? (AI -1)

Artificial Intelligence is not new

So, why is AI so hot? What is driving the market? What has changed (As an undergraduate engineer in Trinity College Dublin in the early 80s I was learning LISP and writing programmes in Pascal to do basic image recognition (limited to recognising geometric shapes))?  We have had Natural Language Processing solutions and Robotics since the 1950s, Computer Vision solutions since 1960s and Expert Systems since the 1970s.

Machine Learning through to Generative AI

Machine learning (building systems that can learn from data) initially emerged in the 1950s. Within this field there has been very significant progress through the last 60 years in neural networks (designed to mimic neuron structures of the brain) and more recently in processing power to support their deployment. We have seen largescale deployment of neural networks within various AI solutions (including NLP, Computer Vision, Expert systems and Robotics). In the last 18 months the excitement has centered on Generative AI solutions, creating new data – text, image, sound – based on training data sets.

AI for everyone

When I was learning LISP artificial intelligence seemed to be something limited to programmers. Now people have ChatGPT on their phones – with a simple to use interface, access to limitless amounts of information and processing power to deliver real time answers.

I remember concerns when internet access was being rolled out in corporates – how will we prevent people spending all their time scrolling though websites. Web2.0 brought even more concerns with social media platforms and the read/write web. As a consultant and a CIO I was often pulled into discussions about ‘shadow IT’. Now we have ‘shadow AI’ – ChatGPT and its competitors being used widely.

How do we leverage AI without throiwing out the baby with the bathwater?

We are putting together a number of posts re Artificial Intelligence to provide background information, context and a framework for evaluating modern AI’s relevance and potential deployment in your organisation. Like the internet, it’s not going away. But what are the things in your business that you might do differently, better, more efficiently using some of these tools and platforms? And how will you do this without damaging your business or your team?

Other AI posts:

Human centered AI – Dr Fei-Fei-Li

Artificial General Intelligence – are we seeing it now?

Hinton on AI and the existential threat

 

Human centered AI – promoted by Dr. Fei-Fei Li

Human centered AI – promoted by Dr. Fei-Fei Li

Dr. Fei-Fei Li: The worlds I see Curiosity, Exploration and Discovery at the Dawn of AI

 

Dr. Fei-Fei Li is one of the academics very much at the centre of developments in human centered AI in the last 15 years.  She is currently a Professor of Computer Science at Stanford University. She is probably best known for her work on Imagenet (https://www.image-net.org/) while at Princeton University (she developed a large-scale, structured database used to improve object recognition algorithms – core to development of deep learning solutions in AI).

The book neatly intertwines three themes: the immigrant story of the young Chinese girl and her parents making their way in the US, the emergence of artificial intelligence from the 1950s through to the present day and Dr. Fei-Fei Li’s own role in and contribution to human centered artificial intelligence.

 

Human centered revolution

The book opens with her arriving to testify at the House Committee on Science, Space, and Technology on the topic of artificial intelligence, June 16, 2018. Her own thoughts ahead of the Committee were: ‘I had one idea to share today, and I repeated it in my thoughts like a mantra. It matters what motivates the development of AI, in both science and industry, and I believe that motivation must explicitly center on human benefit’. And she was clear on the scale of change: ‘I believe our civilization stands on the cusp of a technological revolution with the power to reshape life as we know it… This revolution must, therefore, be unequivocally human-centered’

Immigrant story

The immigrant story is yet another reminder of the contributions made by immigrants in all societies.  And she has a number of interesting insights. ‘What made the work draining was the uncertainty that hangs over the immigrant experience. I was surrounded by disciplined, hardworking people, all of whom had stories like mine, but none who’d escaped the cycle of scarcity and menial labor to which we seemed consigned. We’d come to this country in the hopes of pursuing opportunities that didn’t exist elsewhere, but I couldn’t see a path leading anywhere near them. As demoralizing as our circumstances could be, however, the lack of encouragement within our community was often worse’.

She recalls one case of an immigrant being assaulted and her own helplessness to assist: ‘I wanted to say something, even if it was nothing more than a single-word plea for the violence to stop, but I noticed something strange: in the confusion of the moment, I didn’t know which language to use’

The immigrant story also has so many positives – the openness of teachers, the opportunities, the huge support and encouragement of one teacher and his family, her parents getting going in work. ‘There were moments that I had to step back and simply watch. These were the people I grew up with in China: strong, resourceful, impressive. It’d been far too long since I’d seen them. I was proud to witness their return’.

Development of AI

The history of developments in artificial intelligence is well documented in many places.  But Fei-Fei Li captures the momentum and the hiatuses – from Turing (“Instead of trying to produce a programme to simulate the adult mind, why not rather try to produce one which simulates the child’s? ”) to McCarthy, Minsky, Rochester and Shannon (Dartmouth), Feigenbaum (knowledge engineering), Rosenblatt (perceptron), Hubel and Wiesel (visual cortex of a cat), Fukishima (multiple perceptrons), Rumelhart and Hinton (backpropagation) and many more.

Academic development

And then her own academic development.  The difference between Chinese and US school styles (moving between class rooms).  Her first-hand experience of discrimination against girls in education (‘I asked the girls to leave because the time has come to tell you that your performance as a group is unacceptable . As boys, you’re biologically smarter than girls’).

Fei-Fei Li’s original love was physics – but she notes from history how many great physicists became fascinated by biology.  She develops this interest in the brain and has the opportunity while an undergraduate to participate in a key research project at UC Berkeley. And eventually computers and computer science attract her attention – leading ultimately to this combination of neuroscience/ cognitive science and computer science.

Light

Chapter 5 is a great explanation of the importance of light and vision in the development of the human brain. ‘The perception of light was the first salvo in what would become an evolutionary arms race in which even the slightest advantage — a nominal boost in depth or a near – imperceptible increase in acuity — could propel its lucky possessor and its progeny to the front of the pack in an eternal hunt for food, shelter, and suitable mates’. And ‘Intrinsic to this astonishing progression, even now, is our sensory connection to the world.’

Scientist

We see the scientist at work and her original thinking.  There was so much focus on development of brilliant algorithms – but Fei-Fei Li’s contribution was to realise the importance of data – data to be used to train, test and ultimately improve these algorithms.  We also see her persistence – when having developed one dataset she realised the requirement for a much larger data set (‘Biederman’s number — a potential blueprint for what our ambitions as researchers demanded — was big, Really big. It wasn’t 1,000, 2,000, or even 5,000. And it certainly wasn’t the 101 we spent months cataloging. It was 30,000’).

And the initial disappointment when expected improvements did not occur. But if at first you don’t succeed, try again – and she did. ‘ImageNet was more than a data set, or even a hierarchy of visual categories. It was a hypothesis — a bet — inspired by our own biological origins, that the first step toward unlocking true machine intelligence would be immersion in the fullness of the visual world’. ‘The winner was dubbed AlexNet, in homage to both the technique and the project’s lead author, University of Toronto researcher Alex Krizhevsky.’

Human dignity and human centered

And there are other very significant research projects – both at Google and Stanford. But what really captured my attention was the feedback – from her mum in hospital: ‘ You know, Fei – Fei, ” she said softly, “ being a patient … it’s just horrible…It’s not just the pain. It’s the loss of control. It was like my body, even my mind, didn’t belong to me in that room. There were all these strangers — doctors and nurses, I know, but they’re strangers to me — and that expectation to follow their every order … It just became intolerable…My dignity was gone. Gone.’  And from this her clear conclusion: ‘But the deepest lesson I’d learned was the primacy of human dignity — a variable no data set can account for and no algorithm can optimize. That old, familiar messiness, reaching out to me from behind the weathered lines and weary eyes of the person I knew best and cared for the most’.

Li is confident that we can get AI right – not without risks.  She reminds us: ‘The common denominator to all of this, whether it’s addressing the bias in our data or safeguarding patients in hospitals, is how our technology treats people. Their dignity, in particular. That’s the word I keep coming back to. How can AI, above all else, respect human dignity? So much follows from that.

The future

She concludes on a cautious, but positive, note: ‘The future of AI remains deeply uncertain, and we have as many reasons for optimism as we do for concern. But it’s all a product of something deeper and far more consequential than mere technology: the question of what motivates us, in our hearts and our minds, as we create. I believe the answer to that question — more, perhaps, than any other — will shape our future. So much depends on who answers it. As this field slowly grows more diverse, more inclusive, and more open to expertise from other disciplines, I grow more confident in our chances of answering it right.

AI4ALL – another element of human cetered AI

In 2015 Dr. Li cofounded AI4ALL  with Dr. Olga Russakovsky and Dr. Rick Sommer, now a national nonprofit with the mission to make AI more diverse and inclusive.

The Inner CEO – how to take control of you

The Inner CEO – how to take control of you

Shane Cradock – ‘The INNER CEO – True Success is an Inside Job’

I think when I was given a copy of this ‘The Inner CEO‘ I assumed I would be reading another book about CEOs – how they at first failed and finally succeeded.  But the bye line ‘True success is an inside job’ – was the hint I missed. Having picked up the book at the weekend I pretty much devoured it – and my preferred bye line would be ‘take control‘ rather than ‘true success is an inside job’. The author is very much vested in the book – and starts out with his own very serious life experience. And this sense of commitment to what he puts forward is consistent throughout the book – and lots of examples drawn from his considerable experience working with business and sports people.
 

Timing for me

Perhaps the timing was right for me.  Almost two years ago I came across August Bradley and his ideas around Life Design – tracked through the Notion product. And I used this to put some structure around objective setting, daily planning and review, habit tracking, etc. and somewhere around this time I also began to build meditation into my daily routine. So when I read ‘The Inner CEO’, while I took some comfort from some of the changes I had previously made, I also saw a more holistic model for what I am trying to do – or looking for.  This book rang bells and is full of practical advice and ideas. The purpose of this review is not to summarise ‘The Inner CEO’ but to give you some sense of where it caught my attention and imagination. These days as a business advisor difficult to get away from Artificial Intelligence, ChatGPT, etc – today that included an excellent MIT lecture on fundamentals of foundation models, recording of Rishi Sunak interviewing Elon Musk and recording of the opening presentation at Gartner three weeks ago – AI, AI and AI.  More information overload.  And, of course, Shane references this under the ‘brains can’t cope’ topic with which we are all too familiar.  But the real point is his reference to  the ‘ability to be present and have clarity‘ as being the key skill for the 21st Centriy – for any of us.

Knowledge and AI

As I have researched AI recently I have spent considerable time thinking about learning, knowledge and ‘wisdom’ – in the context of trying to understand where we may be headed with AI – and the ongoing discussion of whether we are already seeing the first signs of Artificial General Intelligence (‘AGI’). Just reread Simon Winchester’s excellent ‘Knowing what we know – the transmission of knowledge from ancient wisdom to modern magic‘. In many ways it forms an excellent background to many of the challenges we all face in achieving ‘true success is an inside job’. When the author introduced the concept of seeing yourself as an ‘observer’ of your own mind and thoughts I was at first taken aback.  But as he explains the cocept it seemed to make complete sense. And he develops this beautifully in the book – with examples and ideas around why you want to do this and how you go about it. I remember 45 years ago learning Latin: a very smart teacher and his insistence that we did not use a dictionary in working through previously unseen texts.  Learning to sight read for piano exams something similar is required – some ability to relax and go with it (get in the ‘flow’).   Or, although was never a great cricketer, when I did get runs it was like you could not miss – felt like the bat was twice as wide and you could hit the ball anywhere. Good discussion of similar ideas in the book – and explanation of the ‘flow’. The Inner CEO has a number of ideas for assessing and addressing your mood – we all have swings (both directions).  Loved his idea about a ‘slow walk’.  I used to walk the dogs with my headphones on – listening to Audible, Spotify or podcasts.  My daughter told me that when walking the dogs I should listen to them – and be available to them.  So right – and, in many respects, this becomes the ‘slow walk’. On something similar had a discussion last week with an old friend – dumbfounded we spend so much of our ‘travel time’ listening to paodcasts – wanted to know when we listen to music.

Good models and practical advice

The Inner CEO has a number of models which I think explain why so many of us are not in control – when you read the book lookout for Projectors, Missiles and Icebergs. All good ways to explain challenges and opportunities to take control.  Each section finishes with ‘Some things to reflect on‘ and ‘somethings to sit with‘.  I am already sitting with a couple of things referenced and a couple of the ‘things to reflect on’ will be factored into my current daily and weekly reoutines. There are also a number of links to supporting tools and materials – I look forward to checking these out as I look to drive success through the inside job.          
Project Management in SMEs – get it right!

Project Management in SMEs – get it right!

Does project management require a project manager?

Seems to be a regular enough assumption in small and medium size enterprises that a business or line manager has the skills to deliver project management.  And, from what I have seen, this assumption has often proved costly.

What are the skills of a project manager and why it it so often assumed that any manager can manage a project?

Project manager activities

Generally a good project manager will:

  • Understand the principles of project management e.g. PMI
  • Understand where you are (A)
  • Understand where you are trying to get to (B)
  • Work out the jobs to be completed to get from A to B
  • Allocate the jobs to competent people
  • Track progress – managing the critical path
  • Communicate with all relevant stakeholders
  • Ensure project is closed out

And use his/ her experience to deal with issues as they arise and manage them within the original scope, timeline and budget – including agreeing any changes to scope/ timeline/ budget with the project sponsor.

There are lots of reasons a business/ line manager may struggle to do all of this.

Issues for the business/ line manager acting as Project Manager

  • Too busy managing his/ her area of the business
  • Struggle to manage resources within the business outside direct control
  • Not familiar with tools of project management – resource plans, budgets, gantt charts, etc
  • Unable to secure additional resource as may be required
  • Inexperienced in managing multiple vendors – likely to include IT vendors (applications, implementation, infrastructure/ cloud
  • Inexperienced in testing – systems testing, user acceptance testing
  • May not have required communication skills
  • Inexperienced in change management
  • Inexperienced in addressing interdependent issues as they arise – resulting in scope/ time/ budget changes – tracking these and staying on control of the project

The time commitment (which varies as the project prgresses or stalls) – is probably the single biggest issue. There will be line managers who would make excellent project managers – but only if they have time.  And whereas a PM is focused 100% on delivery, a line manager’s first concern is with his/her department and the department’ responsibilities and personnel.

The Vendor Project Manager

Another even more risky strategy is relying on the PM from the vendor to perform the PM role.  This ignores the fact that the client and the vendor have different commercial objectives.  The client needs their own PM assessing the performance, inter alia, of the vendor (and the vendor’s PM activities as they relate to the overall delivery of the project).

The preferred option

The project manager should have experience in the discipline of project management. If the PM role is to be played by a line manager – then this person should have the appropriate experience, skills and available time.  Lots of things may occur during the life time of the project, including:

  • Realisation that original analysis has missed something – or led to an unworkable design
  • Key people leave – within the company or within one of the vendors
  • Unexpected delays – resourcing challenges, delays in software modifications, unanticipated issues with data migration
  • End users change their requirements/ expectations as they see the capability of the new system
  • Requirements to reduce expectations where evolving timelines and budgets prove problematic
  • Increased supervision by senior execs and/or board – where there are issues impacting delivery
  • Potential required to switch to a phased delivery – or changes in phases and or scope of what is delivered in each phase
  • Commercial changes in the contract arising from scope changes

Often the administrative effort is underestimated:

  • Managing internal resources from several departments – multiple meetings/ workshops through the week – tracking the outcome of these
  • Reporting to a project Office, CIO, COO or CEO
  • Managing multiple vendors
  • Preparation for USer Acceptance Testing (Strategy, resourcing, training, scripting)
  • Scheduling of User Acceptance Testing and Ebd User Training

If the company does not have internal PM resources – then there are many options for contracting in PM resources.  But the company is missing a real opportunity to develop skillls and knowledge inhouse by not dedicating appropriately trained, internal resources.  Which ever option is pursued – either is better than thinking the vendor will PM or that a ‘light touch’ from a line manager will suffice.  So many failed and late projects to prove this. Even when you structure and run a project ‘according to the book’ there will be issues and risks to be managed.  Critical to have experienced people in charge – witht the time to resolve issues and achieve successful outcomes,