Shadow IT has been the bane of technology departments for years, but today its new incarnation, Shadow AI, is in a completely different league. Employees use unauthorized AI tools, build their own automations, and company data ends up in public language models. In this episode I look at how companies deal with this phenomenon, when AI gets out of control, how the CISO's role is changing, and why the future is not bans but transparency and collaboration.
Generative artificial intelligence is bursting into companies at a speed never seen before. And the most striking thing is not its official rollout, but the way employees themselves are adopting it without permission, behind the IT department's back. This trend, known as Shadow AI, is replicating what we knew more than a decade ago as Shadow IT: the use of unauthorized technology within the company that employees nonetheless consider useful or even essential to do their work more efficiently. Back in 2012 we were already talking about this phenomenon, when tools like Dropbox were starting to become popular outside the radar of the systems department. Today that pattern is repeating with tools like ChatGPT, Gemini or Copilot, only with even deeper implications.
In this episode of SaaS Fuel, Jeff Mains is joined by Warner Moore, founder of Gamma Force and cybersecurity strategist, to dive deep into why early-stage SaaS companies often overbuild security, waste money on compliance, and miss real threats. Warner reveals how to make cybersecurity a strategic advantage—without killing innovation.

From delaying HIPAA compliance for smarter growth to leveraging cloud infrastructure securely by default, Warner shares practical frameworks SaaS founders can use to balance risk, market demand, and growth. If you're building a health tech or B2B SaaS company and wondering when and how to invest in cybersecurity.

Key Takeaways
00:00 – Strategic security starts with executive mindset
01:32 – Why security is a business strategy, not just IT
03:06 – Risk management vs checkbox compliance
06:34 – Mistakes SaaS founders make with security
09:53 – Understanding real risk (Asset + Vulnerability + Threat)
11:16 – Leveraging cloud providers securely
12:12 – Security as a market differentiator
14:12 – Delaying HIPAA compliance with intentional design
17:11 – When to invest in security maturity
20:06 – Security budgeting for startups
23:24 – Signs you need a fractional CSO
26:57 – Health tech vs general SaaS: when security is mandatory
29:22 – Onboarding & deepfake defense tactics
32:27 – Process-based security (not just tech)
34:22 – Is 2FA enough? Low-cost, high-value protection
36:04 – Aligning security with company mission
38:27 – Upcoming security shifts (quantum, AI, deepfakes)
40:07 – Financial controls > fancy tools
41:00 – Access control as a universal security need
43:24 – Shadow IT and how to reduce SaaS sprawl

Tweetable Quotes
"If you don't ask the hard questions early, you'll overbuild and overspend on security that doesn't move the business forward." – Warner Moore
"Security isn't just a department. It's a culture and a competitive advantage hiding in plain sight." – Jeff Mains
"Real risk requires three things: an asset, a vulnerability, and a threat. Miss one and it's just noise." – Warner Moore
"Security done right doesn't slow you down—it speeds you up with confidence and alignment." – Warner Moore
"The most secure companies don't just install tools—they build resilient business processes." – Warner Moore
"Before you throw money at compliance, ask: does this really serve our market or just create overhead?" – Warner Moore

SaaS Leadership Lessons
Don't Overbuild Early – Avoid unnecessary compliance if you're not yet handling sensitive data. Be intentional.
Security Is Strategy – It's not an IT checklist. It's a leadership-level decision and business differentiator.
Risk = Asset + Vulnerability + Threat – If one is missing, it's not a real risk. Focus on what matters.
Delay Expensive Compliance Smartly – You can structure your tech and market approach to delay heavy regulatory burdens.
Train Your Team for Real Threats – Deepfakes, phishing, and social engineering are rising threats; education is critical.
Use the Basics Well – MFA, encryption, access control—low-cost, high-value steps most companies still ignore.

Guest Resources
Email - warner@gammaforce.io
Website - https://gammaforce.io/
Linkedin -
In this episode, Matt interviews Bel Lepe, CEO and co-founder of Cerby, discussing the challenges and opportunities in identity security. They explore the significance of disconnected applications, the impact of shadow IT, and the importance of automation and AI in enhancing security practices. Bel shares insights from his previous experience at Ooyala and the lessons learned in building Cerby, including the recent Series B funding and future plans for the company.

Takeaways
Disconnected applications pose significant risks in identity management.
Shadow IT is becoming a major part of the IT landscape, not just a side issue.
The startup journey involves learning from past experiences and adapting strategies.
The human element remains a critical factor in cybersecurity incidents.
During the upcoming OWASP Global AppSec EU in Barcelona, Kate Labunets, a cybersecurity researcher focused on human factors and usable security, takes the stage to confront a disconnect that too often holds the industry back: the gap between academic research and real-world cybersecurity practice.

In her keynote, “Outside the Ivory Tower: Connecting Practice and Science,” Kate invites practitioners to reconsider their relationship with academic research—not as something removed from their daily reality, but as a vital tool that can lead to better decisions, more targeted security programs, and improved organizational resilience.

Drawing from her current research, Kate shares how interviews and surveys with employees reveal the hidden motivations behind the use of shadow IT—tools and technologies adopted without formal approval. These aren't simply acts of rebellion or ignorance. They reflect misalignments between human behavior, workplace needs, and policy communication. By understanding these mindsets, organizations can move beyond one-size-fits-all training and begin designing interventions grounded in evidence.

This is where science meets practice. Kate's work isn't about generating abstract theories. It's about applying research methods—like anonymous interviews and behavior-focused surveys—to surface insights that security leaders can act on. But for this to happen, researchers need access, and that depends on building trust with practitioners.

The keynote also raises a critical point about time. In industries like medicine, the gap between a published discovery and its application in the real world can be 15 years. Kate argues that cybersecurity faces a similar delay, citing the example of multi-factor authentication: patented in 1998, but still not universally adopted today. Her goal is to accelerate this timeline by helping practitioners see themselves as contributors to science—not just consumers of its outcomes.

By inviting companies to participate in research and engage with universities, Kate's message is clear: collaboration benefits everyone. The path to smarter, more human-aligned cybersecurity isn't gated behind academic walls. It's open to any team curious enough to ask better questions—and brave enough to challenge assumptions.

GUEST:
Kate Labunets | Assistant Professor (UD1) in Cyber Security at Utrecht University | https://www.linkedin.com/in/klabunets/

HOSTS:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

SPONSORS
Manicode Security: https://itspm.ag/manicode-security-7q8i

RESOURCES
Kate's Session: https://owasp2025globalappseceu.sched.com/event/1v86U/keynote-outside-the-ivory-tower-connecting-practice-and-science
Learn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spain
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Podcast: Industrial Cybersecurity Insider
Episode: Bridging the IT-OT Divide with AI-Powered Insight
Pub date: 2025-05-20

Dino and Craig tackle one of the most misunderstood challenges in cybersecurity for industrial environments: the persistent disconnect between IT-led cybersecurity tools and operational technology realities.

They explore the concept of "shadow OT," as well as the limits of traditional IDS deployments.

They discuss why visibility is key to protecting critical systems. Vulnerability scanning alone isn't enough.

Real world case studies reveal how failing to engage OT teams derails cybersecurity strategies. One case involved rogue servers causing daily production failures. Another featured misconfigured modules choking brewery operations. These examples show that even the most advanced strategies fail without OT team involvement.

For leaders in manufacturing, utilities, and critical infrastructure, this is a must-listen conversation. It's about redefining risk management through OT-first thinking.

Chapters:
00:00:00 - When Machines Stop, Money Bleeds: The Downtime Dilemma
00:00:47 - Shadow IT or Ingenious OT? Rethinking Rogue Tech
00:02:29 - Cybersecurity Isn't Enough: The OT Risk You're Missing
00:04:37 - Server Ghosts & Brewery Blunders: Fixing What IT Can't See
00:06:41 - Visibility is Power: Using the Tools You Already Own
00:09:50 - IT vs. OT: Breaking Silos, Building Alliances
00:13:28 - Final Thoughts: Who Really Owns OT Security?

Links And Resources:
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn
Wednesday, May 15, 2025, 6:30-8 a.m.

NAME DAYS, EVENTS, BIRTHDAYS, PRESS REVIEW, STOCK MARKET SNAPSHOT

BUDAPEST, TE CSODÁS (Budapest, You Wonderful): News from the capital and its surroundings
Lázár János announced a major renovation – it will cost 200 billion - Infostart.hu
Tarr Béla to give a speech at the opening of the 30th Budapest Pride
Attention! A bear was seen 40 km from Budapest: everyone should be careful - Pénzcentrum
New campus express train between Debrecen and Budapest
The Budapest e-sports championship could bring tens of thousands of tourists and billions of forints - Világgazdaság
An angry protest is being organized over the transparency law - Propeller
The Városliget is being offered to children for free

WAKE-UP TOPIC: The bill has been submitted: municipalities may restrict who can move into a settlement
Compared with the draft, the bill can be considered milder: the point under which a municipality could directly prohibit non-residents from buying property has been dropped. Municipalities nevertheless still receive important powers.
The bill has been submitted: municipalities may restrict who can move into a settlement | 24.hu
Balla Ákos, owner and managing director of Balla Ingatlan

NULLADIK FAKTOR (Zeroth Factor): Shadow AI
Last week the topic was Shadow IT. Now we turn to a similar but slightly more specific subject. AI is everywhere you look and the whole IT profession is buzzing with it, while it raises numerous IT security questions. One of them is the newly emerging term “Shadow AI”.
But what is Shadow AI? - Taking a step back, a short general summary of cloud usage and Shadow IT, explaining that Shadow AI is a slice of Shadow IT, mentioned as a separate concept only because of the spread and relevance of AI.
What are the main security concerns in a corporate environment when it comes to Shadow AI? - Lack of visibility, extremely rapid spread among users. Uploaded and processed data.
How can this be handled? - The most important thing is ensuring visibility, along with continuous user education. Establishing a corporate “AI Policy”; it cannot be stopped, and perhaps it is not even worth trying.
Do we know of an example of a significant security incident linked to AI/Shadow AI? - A few international examples
+ Final question: Where can one learn more? - biztonsagosfelho.hu, write-ups, webinar registration
Angyal Dániel, co-founder of Scirge

WEEKLY GROUNDWORK: What has happened on the capital markets since Trump was elected president?
Czachesz Gábor, head of the Multi-Asset desk at VIG Befektetési Alapkezelő
Thursday, May 8, 2025, 6:30-8 a.m.

We are rooting for the students taking their school-leaving exams, and there will also be name-day and birthday greetings, the press review and the stock market summary.

BUDAPEST, TE CSODÁS! (Budapest, You Wonderful!) - the capital-city segment. On the agenda: the Óbuda Gasworks affair, the latest road renovations in the capital, and the Terézváros "bin commando".

WAKE-UP TOPIC: Void foreign-currency loans? What does the European Court of Justice say?
The European Court of Justice's ruling in a case concerning a Swiss franc-based leasing contract, delivered just before the long weekend, brought perhaps the biggest court victory for "foreign-currency borrowers" of the past decade. According to the decision, the original state must be restored as if the unfair exchange-rate risk clause had never existed, which may mean annulment of the entire contract if the debtor expressly declares an intention to that effect.
dr. Marczingós László, defence lawyer for debtors.

NULLADIK FAKTOR (Zeroth Factor): Shadow IT.
Increasingly, every IT system is in the cloud and accessible through a browser. This greatly helps employee productivity, because employees can easily access the systems that support their work. But there is a downside too, as it raises numerous IT security questions. In Hungarian this problem area is called "árnyékinformatika" (shadow informatics), or “Shadow IT” in the jargon.
Húsvéti Zsolt, founder of Scirge.
Vibe Coding 2025H1 enters the stage! Łukasz and Szymon analyze the concept of vibe coding coined by Andrej Karpathy. Can AI really write code for us? Our Patoarchitekci set enthusiasm against technological skepticism. The episode digs into the practical aspects of GitHub Copilot, Cursor and other AI tools. The hosts discuss the dangers of Shadow IT, the importance of system prompts, and the limitations of LLMs in large codebases. Brownfield or greenfield: where will AI work best? Find out whether your project is suited to vibe coding or whether it is better to stick to the traditional approach. Don't miss the discussion of how AI can help with personal projects, but not necessarily with building professional SaaS applications. Keep It Simple, Stupid! And now, no slacking off!
Stay in control with Microsoft Defender. You can identify which AI apps and cloud services are in use across your environment, evaluate their risk levels, and allow or block them as needed—all from one place. Whether it's a sanctioned tool or a shadow AI app, you're equipped to set the right policies and respond fast to emerging threats. Defender XDR gives you the visibility to track complex attack paths—linking signals across endpoints, identities, and cloud apps. Investigate real-time alerts, protect sensitive data from misuse in AI tools like Copilot, and enforce controls even for in-house developed apps using system prompts and Azure AI Foundry. Rob Lefferts, Microsoft Security CVP, joins Jeremy Chapman to share how you can safeguard your AI-powered environment with a unified security approach.

► QUICK LINKS:
00:00 - Stay in control with Microsoft Defender
00:39 - Identify and protect AI apps
02:04 - View cloud apps and website in use
04:14 - Allow or block cloud apps
07:14 - Address security risks of internally developed apps
08:44 - Example in-house developed app
09:40 - System prompt
10:39 - Controls in Azure AI Foundry
12:28 - Defender XDR
14:19 - Wrap up

► Link References
Get started at https://aka.ms/ProtectAIapps

► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.
In this episode of Dans la Tech, after a (short) extended break, the whole team is back together to tackle an essential topic: security in the cloud. For the occasion, we welcome Victor, an independent consultant specializing in AWS, infrastructure and security, for a rich and unfiltered conversation!

On the agenda:
• Our personal journeys with cloud security (AWS, Société Générale, startup, large corporation, etc.)
• First reflexes for securing a new infrastructure on a public cloud (AWS, Scaleway, OVH…)
• Best practices around Infra as Code, IAM, CI/CD, backup, SSO, network isolation, permission management, and secure self-service platforms.
• Security incidents we have lived through: phishing, crypto-mining, human error, Shadow IT, supply chain…
• Open debate on SSH, human compromise, the risks of insider attack, and the limits of MFA.
• Focus on protecting sensitive data, the role of tools such as Riot or AWS Control Tower, and the importance of auditing and continuous awareness.
Rüdiger Trost and Tobias Schrödel dive deep into the topic of AI in everyday life, specifically: in the Teams meeting. What happens when Microsoft Copilot takes the minutes, analyzes, and perhaps even disagrees? How does that change our work, our behavior, and maybe even job application processes?
This episode is sponsored by Permiso. Visit permiso.io/idac to learn more.

In this sponsored episode of the Identity at the Center Podcast, hosts Jeff and Jim sit down with Paul Nguyen, co-founder and co-CEO of Permiso, to discuss the critical role of identity security in modern information security. Paul shares insights into the history of identity threats, the rise of identity-focused attacks like Scattered Spider and LLM Jacking, and the importance of real-time identity monitoring for both human and non-human identities across cloud and on-prem environments. The episode explores how Permiso is positioned in the market to provide comprehensive identity threat detection and response (ITDR) and identity security posture management (ISPM), offering advanced visibility and proactive measures against emerging threats.

Chapters
00:00 Introduction to Security Vendors
00:50 Welcome to the Identity at the Center Podcast
01:30 Sponsored Spotlight: Permiso
02:14 Meet Paul Nguyen, Co-Founder of Permiso
03:34 The Importance of Identity in Security
05:35 Permiso's Unique Approach to Identity Security
07:36 Real-Time Monitoring and Threat Detection
09:23 Challenges and Solutions in Identity Security
15:16 Modern Attacks and Identity Threats
25:56 The Role of Honeypots in Security Research
26:49 Challenges of Maintaining Security
27:15 Honeypots and Breach Detection
27:46 Dwell Time and Reconnaissance
28:34 Password Complexity and Monitoring Gaps
29:24 Roles and Responsibilities in Identity Security
29:49 Unified Identity Security Teams
30:57 Emerging Threats and Joint Efforts
32:49 Permiso's Role in Identity Security
34:10 Detection and Response Strategies
36:11 Managing Identity Risks
36:51 Combining Prevention and Detection
39:44 Real-World Applications and Challenges
51:17 Personal Insights and Final Thoughts

Connect with Paul: https://www.linkedin.com/in/paulnguyen/
Learn more about Permiso: https://permiso.io/idac

Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/

Visit the show on the web at idacpodcast.com and watch at idacpodcast.tv

Keywords: identity security, real-time monitoring, IAM, cybersecurity, identity exploitation, modern attacks, insider threats, honeypots, organizational structure, Non-Human Identities, Identity Security, Permiso, Risk Management, Insider Threat, Shadow IT, Identity Graph, ITDR, ISPM, Cybersecurity
Customers installing unapproved software? IT departments bypassing your security or just plain ol' "doing whatever the hell they want?" That's Shadow IT, and it's a huge headache for MSPs. It creates hidden risks and liabilities, not just for your customers, but for you. Want to learn how to fight it? Listen up!

Links for events, articles, and products mentioned in the podcast:
Link to Register for Taste of Success - Texas: https://overview.ascii.com/tasteofsuccesstexas/ (Use VIP CODE: BRADGROSSVIP)
Link to EverythingMSP Article: https://www.everythingmsp.com/blog/navigating-the-shadows-proactive-it-engagement-for-your-clients.html
MSPTerms: https://www.mspterms.com
A significant security breach has emerged involving senior members of the Trump administration, including Vice President J.D. Vance and Defense Secretary Pete Hegseth, who shared top-secret military plans regarding U.S. attacks on the Houthi group in Yemen via the encrypted messaging app Signal. This breach was uncovered by journalist Jeffrey Goldberg, who found himself in a group chat with key cabinet members discussing sensitive information. The National Security Council has confirmed the authenticity of the message chain, leading to calls for an immediate investigation. The incident raises serious concerns about cybersecurity practices within the federal government, particularly regarding the use of unauthorized communication tools for classified discussions.

The growing popularity of Signal among federal employees and military planners during the Trump administration highlights a troubling trend of shadow IT at the executive level. This situation poses a challenge for IT leaders, as it undermines established security protocols and sends a dangerous message to lower-level staff and contractors about the importance of adhering to internal policies. If top officials can bypass security measures without facing consequences, it diminishes the perceived value of compliance and accountability across the organization.

In response to this breach, experts emphasize the need for stronger cybersecurity measures and accountability for federal leaders. The incident illustrates that policy violations can extend beyond corporate rules into federal law, with potential implications for national security. The lack of consequences for high-ranking officials could lead to a culture of complacency regarding cybersecurity, where employees may view policies as mere compliance theater rather than essential guidelines for protecting sensitive information.

The podcast also discusses recent advancements in cybersecurity tools and services, including Microsoft's expansion of its AI-powered security co-pilot and Verizon's launch of a generative AI-powered text messaging solution for small businesses. These developments reflect a broader trend toward operationalizing AI in cybersecurity workflows and enhancing security measures for organizations. As managed service providers (MSPs) seek to streamline operations and improve compliance, the integration of new tools and partnerships is becoming increasingly important in navigating the evolving landscape of cybersecurity and data protection.

Four things to know today
00:00 Shadow IT at the Top: War Plans on Signal Show Why Cyber Rules Without Consequences Don't Work
05:54 Smarter Security, Faster Replies: Microsoft and Verizon Put AI on the Job for Everyone
08:51 Fewer Tools, More Power: MSP Upgrades from Syncro, Cohesity, and MSPTerms Aim to Do It All
11:53 One-Stop MSP? New Integrations Aim to Save Time, Boost Profits, and Lock You In
Whether you appreciate it, tolerate it, or want to stamp it out, Shadow IT is not going anywhere. Is this necessarily a bad thing? Directions analysts Barry Briggs, Greg DeMichillie and Rob Sanfilippo share with Mary Jo Foley their ideas for managing and channeling Shadow IT in this roundtable discussion.
Join Michael Krigsman on CXOTalk as leading CIO advisors Tim Crawford and Isaac Sacolick unpack actionable strategies for Chief Information Officers to thrive in the AI era. This episode dives into critical challenges and opportunities, offering insights on:

Governance & Data Strategy: Prioritize robust AI governance frameworks and invest in clean, scalable data to drive reliable innovation. Sacolick stresses early integration of compliance and ethics, while Crawford underscores the need for a holistic data strategy to avoid “garbage in, garbage out” pitfalls.
Change Management: Proactively educate teams and collaborate with HR (CHRO) to secure training budgets, empowering employees to adapt as AI reshapes workflows in IT, sales, and customer support.
Innovation vs. Efficiency: Focus on AI initiatives that transform business models and customer experiences—not just productivity gains. Align pilots with clear OKRs, balancing agility with measurable outcomes to escape “pilot purgatory.”
Collaboration & Risk Mitigation: Engage legal and audit teams early, building cross-functional councils to navigate regulatory demands and ethical AI use.
Cultural Shifts: Embrace automation and upskilling, balancing Shadow IT's creativity with security guardrails to fast-track innovation responsibly.

This discussion is perfect for IT leaders navigating digital transformation and equips CIOs to harness AI's disruptive potential. Like, subscribe, and share your questions in the comments to join the conversation shaping the future of enterprise AI!
IT and security teams are under constant pressure to streamline operations while maintaining strong security and compliance. In this Brand Story episode, Chase Doelling, Principal Strategist at JumpCloud, shares insights from the company's latest SME IT Trends Report. The discussion highlights key trends, challenges, and opportunities that IT teams face, particularly in small and medium-sized businesses (SMBs).

The Role of IT in Business Operations
Doelling emphasizes the increasing responsibility placed on IT teams. Historically seen as cost centers, IT and security functions are now recognized as critical to business success. More organizations are merging IT and security efforts, ensuring that security considerations are built into every decision rather than being addressed reactively.

A major takeaway from the report is the shift toward decentralization in IT decision-making. Departments are increasingly adopting tools independently, leading to an explosion of software-as-a-service (SaaS) applications. While this autonomy can boost efficiency, it also creates risks. Shadow IT—where employees use unauthorized tools—has become a top concern, with 88% of organizations identifying it as a risk.

AI, Security, and IT Investment
The report also reveals a growing divide in AI adoption. Organizations are either moving aggressively into AI initiatives or staying completely on the sidelines. Those embracing AI often integrate it into security and IT operations, balancing innovation with risk management.

Budget trends indicate that IT spending is rising, with security tools accounting for a significant portion. The need for robust cybersecurity measures has pushed organizations to prioritize visibility, access management, and compliance. A notable shift is occurring in remote and hybrid work models. While remote work surged in previous years, only 9% of organizations now report being fully remote. This return to office environments introduces new IT challenges, particularly in managing networks and devices across hybrid workplaces.

How JumpCloud Supports IT Teams
JumpCloud's platform simplifies IT and security operations by unifying identity and access management, device management, and security policies. One key challenge IT teams face is visibility—knowing who has access to what systems and ensuring compliance with security policies. JumpCloud's approach allows organizations to manage users and devices from a single platform, reducing complexity and improving security posture.

An example of JumpCloud's impact is its ability to detect and manage SaaS usage. If an employee tries to use an unauthorized tool, JumpCloud can guide them toward an approved alternative, preventing security risks without stifling productivity. This balance between security and efficiency is essential, particularly for SMBs that lack dedicated security teams.

Looking Ahead: IT and Security Convergence
Doelling teases upcoming research that will explore the relationship between IT and security teams. With these functions blending more than ever, organizations need insights into how to align strategies, resources, and budgets effectively.

For IT and security professionals navigating a landscape of increased threats, shifting work environments, and AI-driven innovation, the insights from JumpCloud's research provide a valuable benchmark. To gain a deeper understanding of these trends and their implications, listen to the full episode and explore the latest SME IT Trends Report.

Note: This story contains promotional content.

Guest: Chase Doelling, Principal Strategist, JumpCloud [@JumpCloud], On LinkedIn | https://www.linkedin.com/in/chasedoelling/

Resources
Learn more about JumpCloud and their offering: https://itspm.ag/jumpcloud-pg7z
To download the SME IT Trends Report: https://itspm.ag/jumpcljqyw
Catch more stories from JumpCloud at https://www.itspmagazine.com/directory/jumpcloud
Zero Trust World 2025, hosted by ThreatLocker, is fast approaching (February 19-21), bringing together security professionals, IT leaders, and business executives to discuss the principles and implementation of Zero Trust. Hosted by ThreatLocker, this event offers a unique opportunity to explore real-world security challenges and solutions.

In a special On Location with Sean and Marco episode recorded ahead of the event, Ryan Bowman, VP of Solutions Engineering at ThreatLocker, shares insights into his upcoming session, The Dangers of Shadow IT. Shadow IT—the use of unauthorized applications and systems within an organization—poses a significant risk to security, operations, and compliance. Bowman's session aims to shed light on this issue and equip attendees with strategies to address it effectively.

Understanding Shadow IT and Its Risks

Bowman explains that Shadow IT is more than just an inconvenience—it's a growing challenge for businesses of all sizes. Employees often turn to unauthorized tools and services because they perceive them as more efficient, cost-effective, or user-friendly than the official solutions provided by IT teams. While this may seem harmless, the reality is that these unsanctioned applications create serious security vulnerabilities, increase operational risk, and complicate compliance efforts.

One of the most pressing concerns is data security. Employees using unauthorized platforms for communication, file sharing, or project management may unknowingly expose sensitive company data to external risks. When employees leave the organization or access is revoked, data stored in these unofficial systems can remain accessible, increasing the risk of breaches or data loss.

Procurement issues also play a role in the Shadow IT problem. Bowman highlights cases where organizations unknowingly pay for redundant software services, such as using both Teams and Slack for communication, leading to unnecessary expenses. A lack of centralized oversight results in wasted resources and fragmented security controls.

Zero Trust as a Mindset

A recurring theme throughout the discussion is that Zero Trust is not just a technology or a product—it's a mindset. Bowman emphasizes that implementing Zero Trust requires organizations to reassess their approach to security at every level. Instead of inherently trusting employees or systems, organizations must critically evaluate every access request, application, and data exchange.

This mindset shift extends beyond security teams. IT leaders must work closely with employees to understand why Shadow IT is being used and find secure, approved alternatives that still support productivity. By fostering open communication and making security a shared responsibility, organizations can reduce the temptation for employees to bypass official IT policies.

Practical Strategies to Combat Shadow IT

Bowman's session will not only highlight the risks associated with Shadow IT but also provide actionable strategies to mitigate them. Attendees can expect insights into:

• Identifying and monitoring unauthorized applications within their organization
• Implementing policies and security controls that balance security with user needs
• Enhancing employee engagement and education to prevent unauthorized technology use
• Leveraging solutions like ThreatLocker to enforce security policies while maintaining operational efficiency

Bowman also stresses the importance of rethinking traditional IT stereotypes. While security teams often impose strict policies to minimize risk, they must also ensure that these policies do not create unnecessary obstacles for employees. The key is to strike a balance between control and usability.

Why This Session Matters

With organizations constantly facing new security threats, understanding the implications of Shadow IT is critical. Bowman's session at Zero Trust World 2025 will provide a practical, real-world perspective on how organizations can protect themselves without stifling innovation and efficiency.

Beyond the technical discussions, the conference itself offers a unique chance to engage with industry leaders, network with peers, and gain firsthand experience with security tools in hands-on labs. With high-energy sessions, interactive learning opportunities, and keynotes from industry leaders like ThreatLocker CEO Danny Jenkins and Dr. Zero Trust, Chase Cunningham, Zero Trust World 2025 is shaping up to be an essential event for anyone serious about cybersecurity.

For those interested in staying ahead of security challenges, attending Bowman's session on The Dangers of Shadow IT is a must.

Guest: Ryan Bowman, VP of Solutions Engineering, ThreatLocker [@ThreatLocker] | On LinkedIn: https://www.linkedin.com/in/ryan-bowman-3358a71b/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

This Episode's Sponsors

ThreatLocker: https://itspm.ag/threatlocker-r974

____________________________

Resources

Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida

Register for Zero Trust World 2025: https://itspm.ag/threat5mu1

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More
Zero Trust World 2025, hosted by ThreatLocker, is set to bring together IT professionals, business leaders, and cybersecurity practitioners for three days of hands-on labs, insightful discussions, and expert-led sessions. Taking place in Orlando, Florida, from February 19-21, this year's event promises an expanded agenda with cutting-edge topics, interactive workshops, and a unique approach to cybersecurity education.

The Growth of Zero Trust World

Now in its fifth year, Zero Trust World continues to grow exponentially, increasing in size by roughly 50% each year. Kieran Human, Special Projects Engineer at ThreatLocker, attributes this rapid expansion to the rising demand for cybersecurity solutions and the company's own growth. More IT leaders are recognizing the necessity of a Zero Trust approach—not just as a security measure, but as a fundamental philosophy for protecting their organizations.

What to Expect: Hands-On Learning and Key Discussions

One of the biggest draws of Zero Trust World is its focus on hands-on experiences. Attendees can participate in hacking labs designed to teach them how cyber threats operate from an attacker's perspective. These include interactive exercises using rubber duckies—USB devices that mimic keyboards to inject malicious commands—demonstrating how easily cybercriminals can compromise systems.

For those interested in practical applications of security measures, there will be sessions covering topics such as cookie theft, Metasploit, Windows and server security, and malware development. Whether an attendee is an entry-level IT professional or a seasoned security engineer, there's something to gain from these hands-on labs.

High-Profile Speakers and Industry Insights

Beyond the labs, Zero Trust World 2025 will feature a lineup of influential speakers, including former Nintendo of America President and CEO Reggie Fils-Aimé, Chase Cunningham (known as Dr. Zero Trust), and ThreatLocker CEO Danny Jenkins. These sessions will provide strategic insights on Zero Trust implementation, industry challenges, and innovative cybersecurity practices.

One of the key sessions to look forward to is “The Dangers of Shadow IT,” led by Ryan Bowman, VP of Solution Engineering at ThreatLocker. Shadow IT remains a major challenge for organizations striving to implement Zero Trust, as unauthorized applications and devices create vulnerabilities that security teams may not even be aware of. Stay tuned for a pre-event chat with Ryan coming your way soon.

Networking, Certification, and More

Zero Trust World isn't just about education—it's also a prime networking opportunity. Attendees can connect during daily happy hours, the welcome and closing receptions, and a comic book-themed afterparty. ThreatLocker is even introducing a new cybersecurity comic book, adding a creative twist to the conference experience.

A major highlight is the Cyber Hero Program, which offers attendees a chance to earn certification in Zero Trust principles. By completing the Cyber Hero exam, participants can have the cost of their event ticket fully refunded, making this an invaluable opportunity for those looking to deepen their cybersecurity expertise.

A Unique Capture the Flag Challenge

For those with advanced cybersecurity skills, the Capture the Flag challenge presents an exciting opportunity. The first person to successfully hack a specially designed, custom-painted high-end computer gets to take it home. This competition is expected to draw some of the best security minds in attendance, reinforcing the event's commitment to real-world application of cybersecurity techniques.

Join the Conversation

With so much to see and do, Zero Trust World 2025 is shaping up to be an essential event for IT professionals, business leaders, and security practitioners. Sean Martin and Marco Ciappelli will be covering the event live, hosting interviews with speakers, panelists, and attendees to capture insights and takeaways.

Whether you're looking to enhance your security knowledge, expand your professional network, or experience hands-on cybersecurity training, Zero Trust World 2025 offers something for everyone. If you're attending, be sure to stop by the podcast area and join the conversation on the future of Zero Trust security.

Guest: Kieran Human, Special Projects Engineer, ThreatLocker [@ThreatLocker] | On LinkedIn: https://www.linkedin.com/in/kieran-human-5495ab170/

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

This Episode's Sponsors

ThreatLocker: https://itspm.ag/threatlocker-r974

____________________________

Resources

Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida

Register for Zero Trust World 2025: https://itspm.ag/threat5mu1

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast

Want to tell your Brand Story Briefing as part of our event coverage? Learn More
In this episode of AI Chronicles, Pete Cohen talks with Christian Ulstrup, a founder, product manager, and CEO advisor, about AI adoption in the workplace and its implications for the future of work. Christian introduces a three-level maturity model for AI adoption, progressing from single-player to multiplayer mode. He shares real-world examples of integrating AI into core workflows for clients, highlighting his commitment to consistent, hands-on experimentation. The discussion delves into approaches to AI tooling and investment, exploring the use of advanced models like OpenAI's o1 Pro and their impact on output quality. Christian is investing more than most people in his AI tooling, and we get to hear his insights on the benefits of using high-performance AI models for various tasks. Christian introduces Powerline, a product he's developing that functions as an "AI Chief of Staff." This tool analyses meeting transcripts to provide insights for CEOs and helps maintain connections between leadership and teams, showcasing practical applications of AI in organisational management. We also get insight into how one person with limited coding knowledge can leverage AI tools to develop, launch and maintain a software product. Looking to the future, Christian and Pete discuss the anticipated shift towards more remote, asynchronous, and AI-mediated work environments, with practical advice on adapting to these changes and leveraging AI tools to enhance productivity and collaboration. Throughout the episode, Christian emphasises the importance of experimentation and hands-on experience with AI tools, encouraging listeners to explore and integrate AI into their workflows. 
Recommended writing of Christian's to read:
Accelerated AI Adoption: A Three-Level Maturity Model and How to Make the Shift From Single-Player to Multiplayer Mode - https://bit.ly/3Wm7u3n
Learning through doing - https://bit.ly/42ehHT5

Where to find and connect with Christian:
LinkedIn: https://www.linkedin.com/in/christianulstrup/
GSD at Work: https://www.linkedin.com/company/gsd-at-work
Powerline: https://powerline.bot

Tools and resources mentioned:
ChatGPT and GPT-4 (https://chat.openai.com/) - Conversational AI models for general-purpose text generation and assistance, with GPT-4 offering enhanced reasoning capabilities.
Claude (https://www.anthropic.com/) - Advanced AI language model offering versatile capabilities for various tasks.
Superwhisper (https://www.superwhisper.com/) - Voice-to-text dictation tool utilizing AI for accurate transcription.
Loom (https://www.loom.com/) - Video messaging tool for asynchronous communication and collaboration.
Replit (https://replit.com/) - Online integrated development environment (IDE) and collaboration platform for coding.
Powerline (https://powerline.bot) - AI chief of staff tool developed by Christian Ulstrup for analysing meeting transcripts and providing insights.
Timestamps:
00:00 Introduction of Christian Ulstrup
02:30 Christian's background and professional journey
05:15 Discussion on AI adoption and maturity model
08:30 Explanation of single-player to multiplayer mode in AI usage
11:45 Importance of experimentation in AI adoption
15:20 Challenges of AI adoption in large organizations
18:45 Shadow IT use and formal policies for AI tools in enterprises
22:30 Introduction to o1 Pro and its capabilities
27:15 Jevons paradox applied to AI technology
29:30 Overview of Powerline, Christian's "AI Chief of Staff" product
34:45 Examples of Powerline's practical applications
38:15 Christian's journey in learning programming through AI
41:00 Future of work predictions: remote, asynchronous, and AI-mediated
45:30 The shift towards fractional and gig economy work
48:45 Advice for adapting to the changing work landscape
52:30 Final tips and resources for getting started with AI tools
Some CISOs might see industry regulators as an obstacle to their objectives, but not Jorge Fernandez, CISO & DPO for the Portuguese Securities & Exchange Commission, CMVM, and active participant on multiple regulatory bodies. In this episode of Brass Tacks - Talking Cybersecurity, Jorge shares his unique experience and perspective as both regulator and regulated entity, explaining how open collaboration and transparency are key to reducing the impact of cybersecurity incidents, not just within an organization, but across the entire sector. He and host Joe Robertson also discuss shaping perceptions of the security team, limiting the emergence of Shadow IT, the business impact of regulations such as the EU's Digital Operational Resilience Act, DORA, and the responsibility of vendors to ensure "Security by Design" in the products they provide. Don't miss this insightful discussion. More about Fortinet: ftnt.net/60595CcyH Read our blog: ftnt.net/60505Ccyj Follow us on LinkedIn: ftnt.net/60515Ccyd
In this special Halloween episode of CISO Tradecraft, host G Mark Hardy delves into the lurking dangers of Shadow IT and Zombie IT within organizations. Learn about the origins, risks, and impacts of these hidden threats, and discover proactive measures that CISOs can implement to safeguard their IT ecosystems. Strategies discussed include rigorous asset management, automation, and comprehensive compliance reviews. Tune in for insights to foster a secure, compliant, and efficient IT environment, and don't miss out on an exclusive opportunity to join a cybersecurity conference aboard a luxury cruise.

CruiseCon Discount Code: CISOTRADECRAFT10
CruiseCon Link: https://cruisecon.com/
Transcripts: https://docs.google.com/document/d/1lh-TQhaSOIA2rITaXgTaqugl7FRGevnn

Chapters
00:00 Introduction to Shadow IT and Zombie IT
02:14 Defining Shadow IT
04:58 Risks of Shadow IT
07:29 Introduction to Zombie IT
09:35 Risks of Zombie IT
11:25 Shadows vs Zombies
11:25 Comparing Shadow IT and Zombie IT
19:11 Lifecycle Management Strategies
19:56 Summarizing the Threats and Solutions
22:32 Final Thoughts and Call to Action
The summer lull has us reflecting on how the evolution of cloud computing has shaped the existing era that's trying to figure out AI. With a special guest introduction.

SHOW: 848
SHOW TRANSCRIPT: The Cloudcast #848 Transcript
SHOW VIDEO: https://youtube.com/@TheCloudcastNET
CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotw
CHECK OUT OUR NEW PODCAST: "CLOUDCAST BASICS"

SHOW NOTES:

WE HAVE A SPECIAL GUEST LEADING OFF THE SHOW - AFTER 13 YEARS

WHAT PARTS OF THE CLOUD EVOLUTION HAVE LAID THE FOUNDATION FOR TODAY?

[BAD] Shadow IT set Enterprise IT back 5-10 years, with the same responsibilities
[GOOD] Technology experimentation has become the norm, from technologists to business leaders.
[BAD] We still don't really know how to measure the cost or return (ROI) of technology spending.
[GOOD] We have a new appreciation for the power of software and software development to change businesses and markets.
[BAD] But we still haven't figured how to normalize great software development
[GOOD] Open source communities (e.g. CNCF, etc.) provided a blueprint for bringing new innovation to the marketplace
[BAD] We saw how long it took for Cloud to be disruptive, but now that valuations are so high, we haven't learned patience for new disruptions.
[GOOD] The “cloud” way of doing things has laid the foundation for what might/will come next.

FEEDBACK?
Email: show at the cloudcast dot net
Twitter: @cloudcastpod
Instagram: @cloudcastpod
TikTok: @cloudcastpod
In this episode of SaaS Fuel, we sit down with Sethu Meenakshisundaram, co-founder of Zluri - a SaaS management and identity governance company born out of the need to tackle hidden SaaS costs that surfaced during the COVID-19 pandemic.

Sethu recounts the inception of Zluri during the COVID-19 pandemic, revealing how the founders identified a critical need for better visibility and control over hidden SaaS costs even for small businesses. Sethu highlights Zluri's evolution from a cost optimization tool to a proactive platform, addressing the diverse needs of both enterprises and smaller companies. Explore the value of integration, automation, and maintaining up-to-date to ensure scalable and adaptable IT management solutions. Additionally, Sethu shares insights on Managed IT, Shadow IT, and the emerging Shadow AI.

Key Takeaways
00:00 Ensure meaningful customer engagement with authentic SaaS.
03:17 Utilize analytics tools for detailed user insights.
07:06 Embracing problem led to $50,000 saving.
12:16 Different service delivery models for varying sizes.
13:37 Zluri needs integrations, highlights importance of security.
19:46 Complexity of integration improved, faster value delivery.
23:26 Questioning the purpose and value of work.
24:50 Champion Leadership Group scales revenue and outwits competitors.
29:02 Zluri offers exhaustive IT discovery engine.
31:53 Admin roles crucial, over-permissioning poses security risk.
36:52 Expand discovery, control and technology for visibility.
38:27 Architecture supports user access reviews for scaling.
42:16 Be prepared, but do it anyway.
45:39 Investing is complex, understand it thoroughly.

Tweetable Quotes
"Without integration, the platform doesn't work, which means integration is a core story of Zluri." — Sethu 00:17:54
Shadow AI: "People are using a lot of AI application that they don't want their IT to know of. And to use those apps, they are exchanging the company's data as a bottom." — Sethu 00:28:12
"Importance of Access Control in Safeguarding Organizations": "People find it very hard to get access to a job, and sometimes they do not get the right level of access, which means they get over permissioned in an application. And that becomes a critical issue during times when bad actors pop up because they can do a lot of things." — Sethu 00:32:12
"But as our vision expands, do we have the technology today to expand along with that? And the answer is yes." — Sethu 00:37:19
"Engagement is one of the most important metrics SaaS leaders can track. Why is that? Well, it's a forward-looking measure of revenue and an early warning system of churn." — Jeff Mains 00:01:01
The importance of tracking authentic SaaS customer engagement: "You've got to go beyond vanity metrics and focus on actions that indicate genuine involvement and significant outcomes." — Jeff Mains 00:02:36
Quote: "Got to implement customer feedback loops. And to do that, we wanna actively seek feedback from users through surveys, through interviews, through in-app prompts." — Jeff Mains 00:04:30
Quote: "Tracking authentic SaaS customer engagement requires focusing on the right metrics, using advanced tools, and incorporating continuous customer feedback." — Jeff Mains 00:05:08

SaaS Leadership Lessons
Embrace the Problem You Love: Sethu's journey with Zluri began with a genuine passion for solving a significant problem they encountered during the COVID-19 pandemic – hidden SaaS costs. His deep connection to the issue drove the successful pivot from gamifying corporate learning to addressing...
Industrial Talk is chatting with Hartmut Hahn, CEO at Userlane about “Extracting greater value and user adoption out of your technology stack”. Scott MacKenzie and Hartmut Hahn discussed challenges in extracting value from technology stacks, optimizing software use, and reducing software spend. They emphasized the importance of data-driven insights and user engagement to identify areas of improvement. Hartmut highlighted their platform's ability to track user interactions and provide a framework for evaluating software use. Scott MacKenzie questioned how their approach could accommodate different organizational processes. Later, Hartmut discussed the role of predictive analytics in technology adoption, emphasizing the need for a comprehensive understanding of business processes and constant monitoring. The speakers also highlighted the importance of predicting user adoption and efficiency, reaching out to Userlane for collaboration, and leveraging technology to solve problems.
Action Items
[ ] Reach out to Userlane directly through their website or contact Hartmut Hahn on LinkedIn for a demo or trial of their software.
[ ] Promote industrial podcasts or technologies on the Industrial Talk platform by contacting Scott MacKenzie. (Podcast owners, technology companies)
[ ] Map out key business processes to track within Userlane's software once onboarding.
Outline
Using technology to extract value from digital transformation solutions.
Scott MacKenzie interviews Hartmut Hahn about Userlane platform insights.
Industrial Talk provides a platform for podcasts and technology solutions to reach a wider audience.
Scott MacKenzie interviews Hartmut about technology solutions.
Software usage and efficiency in large organizations.
Hartmut: Companies buy many software solutions, often without proper implementation.
Hartmut: Companies struggle with paying consultancies for software implementation.
Hartmut: Executives have gut feelings about software usage, but no data to back it up.
Hartmut: Userlane analyzes software stack to identify usage patterns, struggles, and areas for improvement.
Process mapping and monitoring in software development.
Hartmut explains how their software tracks employee interactions across five dimensions to provide a score for each software, highlighting differences in implementation across organizations.
Hartmut emphasizes the importance of process mapping and its value in identifying areas for improvement.
Hartmut: Monitor processes constantly, adjust yellow/green indicators based on business needs.
Hartmut: Executives like constant monitoring, but may not know extent of Salesforce licenses or usage.
Optimizing software spend and improving user experience.
Hartmut mentions realizing unnecessary software costs and Shadow IT usage.
Scott MacKenzie agrees, highlighting the importance of technology stack optimization.
Hartmut suggests optimizing software spend by identifying unused licenses and improving usage of business-critical software.
Hartmut offers solutions to increase employee engagement and motivation, such as creating interactive guides and content within the application.
Technology efficiency and predictive analytics for business success.
Scott MacKenzie: Predicting user adoption, efficiency, and inefficiencies in technology.
Hartmut: Predicting new releases' impact on productivity, addressing inefficiencies.
Hartmut encourages listeners to reach out for collaboration on technology solutions.
If interested in
The introduction of cloud computing brought about a significant change on how we use technology with our businesses. Let's look at the historical parallels to today's AI for the Enterprise. (Part 2 of 3)
SHOW: 828
SHOW TRANSCRIPT: The Cloudcast #828
SHOW VIDEO: https://youtube.com/@TheCloudcastNET
CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotw
CHECK OUT OUR NEW PODCAST - "CLOUDCAST BASICS"
SHOW SPONSOR:
Panoptica, Cisco's Cloud Application Security solution
SHOW NOTES:
Part 1: How Today's AI is like the Early 2000s (Cloudcast Eps:828)
WHAT SHAPED THE EARLY 2010s?
2008 financial crash and less money available for technology (uncertainty)
Increased frustration with corporate IT organizations (too much “no”)
The possibilities of mobile computing and socially connected societies (abundance)
EARLY CLOUD WAS ALL ABOUT BREAKING AWAY FROM CORPORATE IT
It's a new generation of computing, so the future winner is unknown.
Many companies are trying to have centralized IT policies - one size fits all
Data governance and legal liability is driving corporate policies (education needed)
Consumer AI is widely available and applicable to some job functions
Executives are starting to talk about “AI First” policies
Cloud-native and Cloud-migrated were very different things, with different results
FEEDBACK?
Email: show at the cloudcast dot net
Twitter: @cloudcastpod
Instagram: @cloudcastpod
TikTok: @cloudcastpod
Let's put today's AI era into some historic context by looking at the similarities and parallels to the explosion of the 1st wave of the consumer Internet.
SHOW: 826
SHOW VIDEO: https://youtube.com/@TheCloudcastNET
CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotw
CHECK OUT OUR NEW PODCAST - "CLOUDCAST BASICS"
SHOW SPONSOR:
Panoptica, Cisco's Cloud Application Security solution
SHOW NOTES:
Building the Information Super Highway (pre-2000)
Executives discuss the Information Super Highway
2001 - A DotCom Bubble Odyssey (Cloudcast Eps.772)
WE'RE FASCINATED BY THE IDEA OF TECHNOLOGY CHANGING EVERYTHING
2000s era Internet was going to change everything
GenAI is predicted to change everything
MOST TECHNOLOGY SHIFTS HAPPEN WITH CONSUMERS FIRST
GenAI still can't validate accuracy (e.g. hallucinations)
GenAI is still extremely expensive to create, maintain
GenAI still doesn't have a widely-adopted business model
Shadow GenAI groups will emerge in the Enterprise
People are still mostly thinking about GenAI as a way to offload things they don't want to do vs. improving their existing skills
FEEDBACK?
Email: show at the cloudcast dot net
Twitter: @cloudcastpod
Instagram: @cloudcastpod
TikTok: @cloudcastpod
With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it's more complicated than trying to centralize all identities with an Identity Provider (IdP) for Single Sign-On (SSO). So the question becomes, “How do you enable the business while still providing security oversight and governance?” This segment is sponsored by Savvy. Visit https://securityweekly.com/savvy to learn more about them! CISOs encounter challenges in securing data amidst the rapid growth driven by Cloud and GenAI applications. In this segment, we will delve into how Bedrock Security powers frictionless data security, empowering CISOs to securely manage data sprawl, allowing their businesses to operate at optimal speed, without compromising security. Segment Resources: Bedrock Security: https://www.bedrock.security/ Bedrock Security X/Twitter: https://twitter.com/bedrocksec Bedrock Security LinkedIn: https://www.linkedin.com/company/bedrocksec/ House Rx (customer) Case Study: https://tinyurl.com/35v48wx7 Introductory Whitepaper: https://tinyurl.com/5yjeu92b Innovation Sandbox 2024: https://www.businesswire.com/news/home/20240402284910/en/Bedrock-Security-Named-RSA-Conference-2024-Innovation-Sandbox-Finalist This segment is sponsored by Bedrock Security. Visit https://securityweekly.com/bedrockrsac to learn more about them! Show Notes: https://securityweekly.com/vault-asw-10
Whether or not you're familiar with shadow IT, know this: it's everywhere. Our guest this week, Charlie Livingstone, shines a light on the growing problem of shadow IT and how Wagestream are managing the risks it poses. Sit down with Roo and Charlie, as they unpack what shadow IT actually is, the growing challenges associated with it, and what we can do to safeguard ourselves and our organizations.
What will be the adoption patterns for AI within the Enterprise? Will it follow the early days of Cloud Computing, or will new and different patterns emerge?
SHOW: 810
SHOW TRANSCRIPT: Cloudcast #810
SHOW VIDEO: https://youtube.com/@TheCloudcastNET
CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotw
CHECK OUT OUR NEW PODCAST - "CLOUDCAST BASICS"
SHOW NOTES:
WHAT WERE THE PATTERNS FOR ENTERPRISE IT AND CLOUD?
Shadow IT
High-scalability or Short-term Projects (and experimentation)
Migration via “Cloud First” initiatives
Difficult stuff came last
WHAT'S DIFFERENT ABOUT AI vs. CLOUD?
CPU to CPU was easier to calculate vs. CPU + GPU
Have we learned any lessons about how to value people's productivity?
Does Enterprise AI need a Crawl, Walk, Run scenario? Do they need to be sequential and linked?
Are Enterprise AI use-cases well defined?
How long is the Enterprise willing to fail at experiments?
What's the Enterprise tolerance for GenAI “flaws” (e.g. hallucinations, lack of citations, etc.)
Will GenAI rejuvenate Predictive AI projects in the Enterprise?
FEEDBACK?
Email: show at the cloudcast dot net
Twitter: @cloudcastpod
Instagram: @cloudcastpod
TikTok: @cloudcastpod
Gone are the days of merely safeguarding school computers! Censornet, a rising star in the tech industry, has undergone a remarkable transformation. From its roots as an internet security provider for educators, it has emerged as a trailblazing force in digital risk management. Today, Censornet offers a comprehensive suite of tools designed to confront the dynamic challenges of the digital landscape, ensuring a safer and more secure online environment for all. This evolution stems from recognising that traditional threats are no longer the sole concern. With the proliferation of Shadow IT, unauthorised applications and devices, and the rise of insider threats, organisations face a complex array of risks. In this episode of the EM360 Podcast, Jonathan Care, Advisor at Lionfish Tech Advisors, speaks to Gareth Lockwood, VP of Product at Censornet, to discuss:
Inspiration behind Censornet
Censornet's Capabilities
Censornet's Clients
Shadow-IT
Prevention of future vulnerabilities with AI and Censornet
With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it's more complicated than trying to centralize all identities with an Identity Provider (IdP) for Single Sign-On (SSO). So the question becomes, “How do you enable the business while still providing security oversight and governance?” This segment is sponsored by Savvy. Visit https://securityweekly.com/savvy to learn more about them! In the leadership and communications section, The CISO Role Is Changing. Can CISOs Themselves Keep Up?, Why do 60% of SEC Cybersecurity Filings Omit CSO, CISO Info?, How Co-Leaders Succeed, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-343
With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it's more complicated than trying to centralize all identities with an Identity Provider (IdP) for Single Sign-On (SSO). So the question becomes, “How do you enable the business while still providing security oversight and governance?” This segment is sponsored by Savvy. Visit https://securityweekly.com/savvy to learn more about them! Show Notes: https://securityweekly.com/bsw-343
Evelyn Osman, Principal Platform Engineer at AutoScout24, joins Corey on Screaming in the Cloud to discuss the dire need for developers to agree on a standardized tool set in order to scale their projects and innovate quickly. Corey and Evelyn pick apart the new products being launched in cloud computing and discover a large disconnect between what the industry needs and what is actually being created. Evelyn shares her thoughts on why viewing platforms as products themselves forces developers to get into the minds of their users and produces a better end result.
About Evelyn
Evelyn is a recovering improviser currently role playing as a Lead Platform Engineer at Autoscout24 in Munich, Germany. While she says she specializes in AWS architecture and integration after spending 11 years with it, in truth she spends her days convincing engineers that a product mindset will make them hate their product managers less.
Links Referenced:
LinkedIn: https://www.linkedin.com/in/evelyn-osman/
Transcript
Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.
Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. My guest today is Evelyn Osman, engineering manager at AutoScout24. Evelyn, thank you for joining me.
Evelyn: Thank you very much, Corey. It's actually really fun to be on here.
Corey: I have to say one of the big reasons that I was enthused to talk to you is that you have been using AWS—to be direct—longer than I have, and that puts you in a somewhat rarefied position where AWS's customer base has absolutely exploded over the past 15 years that it's been around, but at the beginning, it was a very different type of thing.
Nowadays, it seems like we've lost some of that magic from the beginning. Where do you land on that whole topic?
Evelyn: That's actually a really good point because I always like to say, you know, when I come into a room, you know, I really started doing introductions like, “Oh, you know, hey,” I'm like, you know, “I'm this director, I've done this XYZ,” and I always say, like, “I'm Evelyn, engineering manager, or architect, or however,” and then I say, you know, “I've been working with AWS, you know, 11, 12 years,” or now I can't quite remember.
Corey: Time becomes a flat circle. The pandemic didn't help.
Evelyn: [laugh] Yeah, I just, like, a look at that the year, and I'm like, “Jesus. It's been that long.” Yeah. And usually, like you know, you get some odd looks like, “Oh, my God, you must be a sage.” And for me, I'm… you see how different services kind of, like, have just been reinventions of another one, or they just take a managed service and make another managed service around it. So, I feel that there's a lot of where it's just, you know, wrapping up a pretty bow, and calling it something different, it feels like.
Corey: That's what I've been low-key asking people for a while now over the past year, namely, “What is the most foundational, interesting thing that AWS has done lately, that winds up solving for this problem of whatever it is you do as a company? What is it that has foundationally made things better that AWS has put out in the last service? What was it?” And the answers I get are all depressingly far in the past, I have to say. What's yours?
Evelyn: Honestly, I think the biggest game-changer I remember experiencing was at an analyst summit in Stockholm when they announced Lambda.
Corey: That was announced before I even got into this space, as an example of how far back things were. And you're right. That was transformative. That was awesome.
Evelyn: Yeah, precisely.
Because before, you know, we were always, like, trying to figure, okay, how do we, like, launch an instance, run some short code, and then clean it up. AWS is going to charge for an hour, so we need to figure out, you know, how to pack everything into one instance, run for one hour. And then they announced Lambda, and suddenly, like, holy shit, this is actually a game changer. We can actually write small functions that do specific things.
And, you know, you go from, like, microservices, like, to like, tiny, serverless functions. So, that was huge. And then DynamoDB along with that, really kind of like, transformed the entire space for us in many ways. So, back when I was at TIBCO, there was a few innovations around that, even, like, one startup inside TIBCO that quite literally, their entire product was just Lambda functions. And one of their problems was, they wanted to sell in the Marketplace, and they couldn't figure out how to sell Lambda on the marketplace.
Corey: It's kind of wild when we see just how far it's come, but also how much they've announced that doesn't change that much, to be direct. For me, one of the big changes that I remember that really made things better for customers—though it took a couple of years—was EFS. And even that's a little bit embarrassing because all that is, “All right, we finally found a way to stuff a NetApp into us-east-1,” so now NFS, just like you used to use it in the 90s and the naughts, can be done responsibly in the cloud. And that, on some level, wasn't a feature launch so much as it was a concession to the ways that companies had built things and weren't likely to change.
Evelyn: Honestly, I found the EFS launch to be a bit embarrassing because, like, you know, when you look closer at it, you realize, like, the performance isn't actually that great.
Corey: Oh, it was horrible when it launched. It would just slam to a halt because you got the IOPS scaled with how much data you stored on it.
The documentation explicitly said to use dd to start loading a bunch of data onto it to increase the performance. It's like, “Look, just sandbag the thing so it does what you'd want.” And all that stuff got fixed, but at the time it looked like it was clown shoes.
Evelyn: Yeah, and that reminds me of, like, EBS's, like, gp2 when we're, like you know, we're talking, like, okay, provision IOPS with gp2. We just kept saying, like, just give yourself really big volume for performance. And it feel like they just kind of kept that with EFS. And it took years for them to really iterate off of that. Yeah, so, like, EFS was a huge thing, and I see us, we're still using it now today, and like, we're trying to integrate, especially for, like, data center migrations, but yeah, you always see that a lot of these were first more for, like, you know, data centers to the cloud, you know. So, first I had, like, EC2 classic. That's where I started. And I always like to tell a story that in my team, we're talking about using AWS, I was the only person fiercely against it because we did basically large data processing—sorry, I forget the right words—data analytics. There we go [laugh].
Corey: I remember that, too. When it first came out, it was, “This sounds dangerous and scary, and it's going to be a flash in the pan because who would ever trust their core compute infrastructure to some random third-party company, especially a bookstore?” And yeah, I think I got that one very wrong.
Evelyn: Yeah, exactly. I was just like, no way. You know, I see all these articles talking about, like, terrible disk performance, and here I am, where it's like, it's my bread and butter. I'm specialized in it, you know?
I write code in my sleep and such.
[Yeah, the interesting thing is, I was like, first, it was like, I can 00:06:03] launch services, you know, to kind of replicate when you get in a data center to make it feature comparable, and then it was taking all this complex services and wrapping it up in a pretty bow for—as a managed service. Like, EKS, I think, was the biggest one, if we're looking at managed services. Technically Elasticsearch, but I feel like that was the redheaded stepchild for quite some time.
Corey: Yeah, there was—Elasticsearch was a weird one, and still is. It's not a pleasant service to run in any meaningful sense. Like, what people actually want as the next enhancement that would excite everyone is, I want a serverless version of this thing where I can just point it at a bunch of data, I hit an API that I don't have to manage, and get Elasticsearch results back from. They finally launched a serverless offering that's anything but. You have to still provision compute units for it, so apparently, the word serverless just means managed service over at AWS-land now. And it just, it ties into the increasing sense of disappointment I've had with almost all of their recent launches versus what I felt they could have been.
Evelyn: Yeah, the interesting thing about Elasticsearch is, a couple of years ago, they came out with OpenSearch, a competing Elasticsearch after [unintelligible 00:07:08] kind of gave us the finger and change the licensing.
I mean, OpenSearch actually become a really great offering if you run it yourself, but if you use their managed service, it can kind—you lose all the benefits, in a way.
Corey: I'm curious, as well, to get your take on what I've been seeing that I think could only be described as an internal shift, where it's almost as if there's been a decree passed down that every service has to run its own P&L or whatnot, and as a result, everything that gets put out seems to be monetized in weird ways, even when I'd argue it shouldn't be. The classic example I like to use for this is AWS Config, where it charges you per evaluation, and that happens whenever a cloud resource changes. What that means is that by using the cloud dynamically—the way that they supposedly want us to do—we wind up paying a fee for that as a result. And it's not like anyone is using that service in isolation; it is definitionally being used as people are using other cloud resources, so why does it cost money? And the answer is because literally everything they put out costs money.
Evelyn: Yep, pretty simple. Oftentimes, there's, like, R&D that goes into it, but the charges seem a bit… odd. Like from an S3 lens, was, I mean, that's, like, you know, if you're talking about services, that was actually a really nice one, very nice holistic overview, you know, like, I could drill into a data lake and, like, look into things. But if you actually want to get anything useful, you have to pay for it.
Corey: Yeah. Everything seems to, for one reason or another, be stuck in this place where, “Well, if you want to use it, it's going to cost.” And what that means is that it gets harder and harder to do anything that even remotely resembles being able to wind up figuring out where's the spend going, or what's it going to cost me as time goes on? Because it's not just what are the resources I'm spinning up going to cost, what are the second, third, and fourth-order effects of that?
And the honest answer is, well, nobody knows. You're going to have to basically run an experiment and find out.
Evelyn: Yeah. No, true. So, what I… at AutoScout, we actually ended up doing is—because we're trying to figure out how to tackle these costs—is they—we built an in-house cost allocation solution so we could track all of that. Now, AWS has actually improved Cost Explorer quite a bit, and even, I think, Billing Conductor was one that came out [unintelligible 00:09:21], kind of like, do a custom tiered and account pricing model where you can kind of do the same thing. But even that also, there is a cost with it.
I think that was trying to compete with other, you know, vendors doing similar solutions. But it still isn't something where we see that either there's, like, arbitrarily low pricing there, or the costs itself doesn't really quite make sense. Like, AWS [unintelligible 00:09:45], as you mentioned, it's a terrific service. You know, we try to use it for compliance enforcement and other things, catching bad behavior, but then as soon as people see the price tag, we just run away from it. So, a lot of the security services themselves, actually, the costs, kind of like, goes—skyrockets tremendously when you start trying to use it across a large organization. And oftentimes, the organization isn't actually that large.
Corey: Yeah, it gets to this point where, especially in small environments, you have to spend more energy and money chasing down what the cost is than you're actually spending on the thing. There were blog posts early on that, “Oh, here's how you analyze your bill with Redshift,” and that was a minimum 750 bucks a month. It's, well, I'm guessing that that's not really for my $50 a month account.
Evelyn: Yeah. No, precisely. I remember seeing that, like, entire ETL process is just, you know, analyze your invoice.
Cost [unintelligible 00:10:33], you know, is fantastic, but at the end of the day, like, what you're actually looking at [laugh], is infinitesimally small compared to all the data in that report. Like, I think oftentimes, it's simply, you know, like, I just want to look at my resources and allocate them in a multidimensional way. Which actually isn't really that multidimensional, when you think about it [laugh].
Corey: Increasingly, Cost Explorer has gotten better. It's not a new service, but every iteration seems to improve it to a point now where I'm talking to folks, and they're having a hard time justifying most of the tools in the cost optimization space, just because, okay, they want a percentage of my spend on AWS to basically be a slightly better version of a thing that's already improving and works for free. That doesn't necessarily make sense. And I feel like that's what you get trapped into when you start going down the VC path in the cost optimization space. You've got to wind up having a revenue model and an offering that scales through software… and I thought, originally, I was going to be doing something like that. At this point, I'm unconvinced that anything like that is really tenable.
Evelyn: Yeah. When you're a small organization you're trying to optimize, you might not have the expertise and the knowledge to do so, so when one of these small consultancies comes along, saying, “Hey, we're going to charge you a really small percentage of your invoice,” like, okay, great. That's, like, you know, like, a few $100 a month to make sure I'm fully optimized, and I'm saving, you know, far more than that. But as soon as your invoice turns into, you know, it's like $100,000, or $300,000 or more, that percentage becomes rather significant. And I've had vendors come to me and, like, talk to me and is like, “Hey, we can, you know, for a small percentage, you know, we're going to do this machine learning, you know, AI optimization for you.
You know, you don't have to do anything. We guaranteed buybacks your RIs.” And as soon as you look at the price tag with it, we just have to walk away. Or oftentimes we look at it, and there are truly very simple ways to do it on your own, if you just kind of put some thought into it.
Corey: While we were talking a bit before this show, you taught me something new about GameLift, which I think is a different problem that AWS has been dealing with lately. I've never paid much attention to it because it is the—as I assume from what it says on the tin, oh, it's a service for just running a whole bunch of games at scale, and I'm not generally doing that. My favorite computer game remains to be Twitter at this point, but that's okay. What is GameLift, though, because you were shining a different light on it, which makes me annoyed that Amazon Marketing has not pointed this out.
Evelyn: Yeah, so I'll preface this by saying, like, I'm not an expert on GameLift. I haven't even spun it up myself because there's quite a bit of price. I learned this fall while chatting with an SA who works in the gaming space, and it kind of like, I went, like, “Back up a second.” If you think about, like, I'm, you know, like, World of Warcraft, all you have are thousands of game clients all over the world, playing the same game, you know, on the same server, in the same instance, and you need to make sure, you know, that when I'm running, and you're running, that we know that we're going to reach the same point the same time, or if there's one object in that room, that only one of us can get it. So, all these servers are doing is tracking state across thousands of clients.
And GameLift, when you think about your dedicated game service, it really is just multi-region distributed state management. Like, at the basic, that's really what it is. Now, there's, you know, quite a bit more happening within GameLift, but that's what I was going to explain is, like, it's just state management.
And there are far more use cases for it than just for video games.
Corey: That's maddening to me because having a global session state store, for lack of a better term, is something that so many customers have built themselves repeatedly. They can build it on top of primitives like DynamoDB global tables, or alternately, you have a dedicated region where that thing has to live and everything far away takes forever to round-trip. If they've solved some of those things, why on earth would they bury it under a gaming-branded service? Like, offer that primitive to the rest of us because that's useful.
Evelyn: No, absolutely. And honestly, I wouldn't be surprised if you peeled back the curtain with GameLift, you'll find a lot of—like, several other you know, AWS services that it's just built on top of. I kind of mentioned earlier is, like, what I see now with innovation, it's like we just see other services packaged together and releases a new product.
Corey: Yeah, IoT had the same problem going on for years where there was a lot of really good stuff buried in there, like IoT Events. People were talking about using that for things like browser extensions and whatnot, but you need to be explicitly told that that's a thing that exists and is handy, but otherwise you'd never know it was there because, “Well, I'm not building anything that's IoT-related. Why would I bother?” It feels like that was one direction that they tended to go in.
And now they take existing services that are, mmm, kind of milquetoast, if I'm being honest, and then saying, “Oh, like, we have Comprehend that does, effectively detection of themes, keywords, and whatnot, from text. We're going to wind up re-releasing that as Comprehend Medical.” Same type of thing, but now focused on a particular vertical. Seems to me that instead of being a specific service for that vertical, just improve the baseline the service and offer HIPAA compliance if it didn't exist already, and you're mostly there.
But what do I know? I'm not a product manager trying to get promoted.
Evelyn: Yeah, that's true. Well, I was going to mention that maybe it's the HIPAA compliance, but actually, a lot of their services already have HIPAA compliance. And I've stared far too long at that compliance section on AWS's site to know this, but you know, a lot of them actually are HIPAA-compliant, they're PCI-compliant, and ISO-compliant, and you know, and everything. So, I'm actually pretty intrigued to know why they [wouldn't 00:16:04] take that advantage.
Corey: I just checked. Amazon Comprehend is itself HIPAA-compliant and is qualified and certified to hold Personal Health Information—PHI—Private Health Information, whatever the acronym stands for. Now, what's the difference, then, between that and Medical? In fact, the HIPAA section says for Comprehend Medical, “For guidance, see the previous section on Amazon Comprehend.” So, there's no difference from a regulatory point of view.
Evelyn: That's fascinating. I am intrigued because I do know that, like, within AWS, you know, they have different segments, you know? There's, like, Digital Native Business, there's Enterprise, there's Startup. So, I am curious how things look over the engineering side. I'm going to talk to somebody about this now [laugh].
Corey: Yeah, it's the—like, I almost wonder, on some level, it feels like, “Well, we wound up building this thing in the hopes that someone would use it for something. And well, if we just use different words, it checks a box in some analyst's chart somewhere.” I don't know. I mean, I hate to sound that negative about it, but it's… increasingly when I talk to customers who are active in these spaces around the industry vertical targeted stuff aimed at their industry, they're like, “Yeah, we took a look at it. It was adorable, but we're not using it that way.
We're going to use either the baseline version or we're going to work with someone who actively gets our industry.” And I've heard that repeated about three or four different releases that they've put out across the board of what they've been doing. It feels like it is a misunderstanding between what the world needs and what they're able to or willing to build for us.
Evelyn: Not sure. I wouldn't be surprised, if we go far enough, it could probably be that it's just a product manager saying, like, “We have to advertise directly to the industry.” And if you look at it, you know, in the backend, you know, it's an engineer, you know, kicking off a build and just changing the name from Comprehend to Comprehend Medical.
Corey: And, on some level, too, they're moving a lot more slowly than they used to. There was a time where they were, in many cases, if not the first mover, the first one to do it well. Take CodeWhisperer, their AI powered coding assistant. That would have been a transformative thing if GitHub Copilot hadn't beaten them to every punch, come out with new features, and frankly, in head-to-head experiments that I've run, came out way better as a product than what CodeWhisperer is. And while I'd like to say that this is great, but it's too little too late. And when I talk to engineers, they're very excited about what Copilot can do, and the only people I see who are even talking about CodeWhisperer work at AWS.
Evelyn: No, that's true. And so, I think what's happening—and this is my opinion—is that first you had AWS, like, launching a really innovative new services, you know, that kind of like, it's like, “Ah, it's a whole new way of running your workloads in the cloud.” Instead of you know, basically, hiring a whole team, I just click a button, you have your instance, you use it, sell software, blah, blah, blah, blah.
And then they went towards serverless, and then IoT, and then it started targeting large data lakes, and then eventually that kind of run backwards towards security, after the umpteenth S3 data leak.
Corey: Oh, yeah. And especially now, like, so they had a hit in some corners with SageMaker, so now there are 40 services all starting with the word SageMaker. That's always pleasant.
Evelyn: Yeah, precisely. And what I kind of notice is… now they're actually having to run it even further back because they caught all the corporations that could pivot to the cloud, they caught all the startups who started in the cloud, and now they're going for the larger behemoths who have massive data centers, and they don't want to innovate. They just want to reduce this massive sysadmin team. And I always like to use the example of a Bare Metal. When that came out in 2019, everybody—we've all kind of scratched your head. I'm like, really [laugh]?
Corey: Yeah, I could see where it makes some sense just for very specific workloads that involve things like specific capabilities of processors that don't work under emulation in some weird way, but it's also such a weird niche that I'm sure it's there for someone. My default assumption, just given the breadth of AWS's customer base, is that whenever I see something that they just announced, well, okay, it's clearly not for me; that doesn't mean it's not meeting the needs of someone who looks nothing like me. But increasingly as I start exploring the industry in these services have time to percolate in the popular imagination and I still don't see anything interesting coming out with it, it really makes you start to wonder.
Evelyn: Yeah. But then, like, I think, like, roughly a year or something, right after Bare Metal came out, they announced Outposts. So, then it was like, another way to just stay within your data center and be in the cloud.
Corey: Yeah.
There's a bunch of different ways they have that, okay, here's ways you can run AWS services on-prem, but still pay us by the hour for the privilege of running things that you have living in your facility. And that doesn't seem like it's quite fair.
Evelyn: That's exactly it. So, I feel like now it's sort of in diminishing returns and sort of doing more cloud-native work compared to, you know, these huge opportunities, which is everybody who still has a data center for various reasons, or they're cloud-native, and they grow so big, that they actually start running their own data centers.
Corey: I want to call out as well before we wind up being accused of being oblivious, that we're recording this before re:Invent. So, it's entirely possible—I hope this happens—that they announce something or several some things that make this look ridiculous, and we're embarrassed to have had this conversation. And yeah, they're totally getting it now, and they have completely surprised us with stuff that's going to be transformative for almost every customer. I've been expecting and hoping for that for the last three or four re:Invents now, and I haven't gotten it.
Evelyn: Yeah, that's right. And I think there's even a new service launches that actually are missing fairly obvious things in a way. Like, mine is the Managed Workflow for Amazon—it's Managed Airflow, sorry. So, we were using Data Pipeline for, you know, big ETL processing, so it was an in-house tool we kind of built at AutoScout, we do platform engineering.
And it was deprecated, so we looked at a new—what to replace it with. And so, we looked at Airflow, and we decided this is the way to go, we want to use managed because we don't want to maintain our own infrastructure. And the problem we ran into is that it doesn't have support for shared VPCs. And we actually talked to our account team, and they were confused. Because they said, like, “Well, every new service should support it natively.” But it just didn't have it.
And that's, kind of, what, I kind of found is, like, there's—it feels—sometimes it's—there's a—it's getting rushed out the door, and it'll actually have a new managed service or new service launched out, but they're also sort of cutting some corners just to actually make sure it's packaged up and ready to go.
Corey: When I'm looking at this, and seeing how this stuff gets packaged, and how it's built out, I start to understand a pattern that I've been relatively down on across the board. I'm curious to get your take because you work at a fairly sizable company as an engineering manager, running teams of people who do this sort of thing. Where do you land on the idea of companies building internal platforms to wrap around the offerings that the cloud service providers that they use make available to them?
Evelyn: So, my opinion is that you need to build out some form of standardized tool set in order to actually be able to innovate quickly. Now, this sounds counterintuitive because everyone is like, “Oh, you know, if I want to innovate, I should be able to do this experiment, and try out everything, and use what works, and just release it.” And that greatness [unintelligible 00:23:14] mentality, you know, it's like five talented engineers working to build something. But when you have, instead of five engineers, you have five teams of five engineers each, and every single team does something totally different. You know, one uses Scala, and other on TypeScript, another one, you know .NET, and then there could have been a [last 00:23:30] one, you know, comes in, you know, saying they're still using Ruby.
And then next thing you know, you know, you have, like, incredibly diverse platforms for services. And if you want to do any sort of like hiring or cross-training, it becomes incredibly difficult.
And actually, as the organization grows, you want to hire talent, and so you're going to have to hire, you know, a developer for this team, you going to have to hire, you know, Ruby developer for this one, a Scala guy here, a Node.js guy over there.
And so, this is where we say, “Okay, let's agree. We're going to be a Scala shop. Great. All right, are we running serverless? Are we running containerized?” And you agree on those things. So, that's already, like, the formation of it. And oftentimes, you start with DevOps. You'll say, like, “I'm a DevOps team,” you know, or doing a DevOps culture, if you do it properly, but you always hit this scaling issue where you start growing, and then how do you maintain that common tool set? And that's where we start looking at, you know, having a platform… approach, but I'm going to say it's Platform-as-a-Product. That's the key.
Corey: Yeah, that's a good way of framing it because originally, the entire world needed that. That's what RightScale was when EC2 first came out. It was a reimagining of the EC2 console that was actually usable. And in time, AWS improved that to the point where RightScale didn't really have a place anymore in a way that it had previously, and that became a business challenge for them. But you have, what is it now, 2, 300 services that AWS has put out, and out, and okay, great. Most companies are really only actively working with a handful of those. How do you make those available in a reasonable way to your teams, in ways that aren't distracting, dangerous, et cetera? I don't know the answer on that one.
Evelyn: Yeah. No, that's true. So, full disclosure. At AutoScout, we do platform engineering. So, I'm part of, like, the platform engineering group, and we built a platform for our product teams. It's kind of like, you need to decide to [follow 00:25:24] those answers, you know? Like, are we going to be fully containerized? Okay, then, great, we're going to use Fargate.
All right, how do we do it so that developers don't actually—don't need to think that they're running Fargate workloads?
And that's, like, you know, where it's really important to have those standardized abstractions that developers actually enjoy using. And I'd even say that, before you start saying, “Ah, we're going to do platform,” you say, “We should probably think about developer experience.” Because you can do a developer experience without a platform. You can do that, you know, in a DevOps approach, you know? It's basically build tools that makes it easy for developers to write code. That's the first step for anything. It's just, like, you have people writing the code; make sure that they can do the things easily, and then look at how to operate it.
Corey: That sure would be nice. There's a lack of focus on usability, especially when it comes to a number of developer tools that we see out there in the wild, in that, they're clearly built by people who understand the problem space super well, but they're designing these things to be used by people who just want to make the website work. They don't have the insight, the knowledge, the approach, any of it, nor should they necessarily be expected to.
Evelyn: No, that's true. And what I see is, a lot of the times, it's a couple really talented engineers who are just getting shit done, and they get shit done however they can. So, it's basically like, if they're just trying to run the website, they're just going to write the code to get things out there and call it a day. And then somebody else comes along, has a heart attack when see what's been done, and they're kind of stuck with it because there is no guardrails or paved path or however you want to call it.
Corey: I really hope—truly—that this is going to be something that we look back and laugh when this episode airs, that, “Oh, yeah, we just got it so wrong.
Look at all the amazing stuff that came out of re:Invent.” Are you going to be there this year?
Evelyn: I am going to be there this year.
Corey: My condolences. I keep hoping people get to escape.
Evelyn: This is actually my first one in, I think, five years. So, I mean, the last time I was there was when everybody's going crazy over pins. And I still have a bag of them [laugh].
Corey: Yeah, that did seem like a hot-second collectable moment, didn't it?
Evelyn: Yeah. And then at the—I think, what, the very last day, as everybody's heading to re:Play, you could just go into the registration area, and they just had, like, bags of them lying around to take. So, all the competing, you know, to get the requirements for a pin was kind of moot [laugh].
Corey: Don't you hate it at some point where it's like, you feel like I'm going to finally get this crowning achievement, it's like or just show up at the buffet at the end and grab one of everything, and wow, that would have saved me a lot of pain and trouble.
Evelyn: Yeah.
Corey: Ugh, scavenger hunts are hard, as I'm about to learn to my own detriment.
Evelyn: Yeah. No, true. Yeah. But I am really hoping that re:Invent proves me wrong. Embarrassingly wrong, and then all my colleagues can proceed to mock me for this ridiculous podcast that I made with you. But I am a fierce skeptic. Optimistic nihilist, but still a nihilist, so we'll see how re:Invent turns out.
Corey: So, I am curious, given your experience at more large companies than I tend to be embedded with for any period of time, how have you found that these large organizations tend to pick up new technologies? What does the adoption process look like? And honestly, if you feel like throwing some shade, how do they tend to get it wrong?
Evelyn: In most cases, I've seen it go… terrible. Like, it just blows up in their face.
And I say that is because a lot of the time, an organization will say, “Hey, we're going to adopt this new way of organizing teams or developing products,” and they look at all the practices. They say, “Okay, great. Product management is going to bring it in, they're going to structure things, how we do the planning, here's some great charts and diagrams,” but they don't really look at the culture aspect.
And that's always where I've seen things fall apart. I've been in a room where, you know, our VP was really excited about team topologies and say, “Hey, we're going to adopt it.” And then an engineering manager proceeded to say, “Okay, you're responsible for this team, you're responsible for that team, you're responsible for this team talking to, like, a team of, like, five engineers,” which doesn't really work at all. Or, like, I think the best example is DevOps, you know, where you say, “Ah, we're going to adopt DevOps, we're going to have a DevOps team, or have a DevOps engineer.”
Corey: Step one: we're going to rebadge everyone with existing job titles to have the new fancy job titles that reflect it. It turns out that's not necessarily sufficient in and of itself.
Evelyn: Not really. The Spotify model. People say, like, “Oh, we're going to do the Spotify model. We're going to do skills, tribes, you know, and everything. It's going to be awesome, it's going to be great, you know, and nice, cross-functional.”
The reason I say it bails on us every single time is because somebody wants to be in control of the process, and if the process is meant to encourage collaboration and innovation, that person actually becomes a chokehold for it. And it could be somebody that says, like, “Ah, I need to be involved in every single team, and listen to know what's happening, just so I'm aware of it.” What ends up happening is that everybody defers to them. So, there is no collaboration, there is no innovation.
DevOps, you say, like, “Hey, we're going to have a team to do everything, so your developers don't need to worry about it.” What ends up happening is you're still an ops team, you still have your silos.
And that's always a challenge is you actually have to say, “Okay, what are the cultural values around this process?” You know, what is SRE? What is DevOps, you know? Is it seen as processes, is it a series of principles, platform, maybe, you know? We have to say, like—that's why I say, Platform-as-a-Product because you need to have that product mindset, that culture of product thinking, to really build a platform that works because it's all about the user journey.
It's not about building a common set of tools. It's the user journey of how a person interacts with their code to get it into a production environment. And so, you need to understand how that person sits down at their desk, starts the laptop up, logs in, opens the IDE, what they're actually trying to get done. And once you understand that, then you know your requirements, and you build something to fill those things so that they are happy to use it, as opposed to saying, “This is our platform, and you're going to use it.” And they're probably going to say, “No.” And the next thing, you know, they're just doing their own thing on the side.
Corey: Yeah, the rise of Shadow IT has never gone away. It's just, on some level, it's the natural expression, I think it's an immune reaction that companies tend to have when process gets in the way. Great, we have an outcome that we need to drive towards; we don't have a choice. Cloud empowered a lot of that and also has given tools to help rein it in, and as with everything, the arms race continues.
Evelyn: Yeah. And so, what I'm going to continue now, kind of like, toot the platform horn. So, Gregor Hohpe, he's a [solutions architect 00:31:56]—I always f- up his name. I'm so sorry, Gregor.
He has a great book, and even a talk, called The Magic of Platforms, that if somebody is actually curious about understanding of why platforms are nice, they should really watch that talk.
If you see him at re:Invent, or a summit or somewhere giving a talk, go listen to that, and just pick his brain. Because that's—for me, I really kind of strongly agree with his approach because that's really how, like, you know, as he says, like, boost innovation is, you know, where you're actually building a platform that really works.
Corey: Yeah, it's a hard problem, but it's also one of those things where you're trying to focus on—at least ideally—an outcome or a better situation than you currently find yourselves in. It's hard to turn down things that might very well get you there sooner, faster, but it's like trying to effectively cargo-cult the leadership principles from your last employer into your new one. It just doesn't work. I mean, you see more startups from Amazonians who try that, and it just goes horribly because without the cultural understanding and the supporting structures, it doesn't work.
Evelyn: Exactly. So, I've worked with, like, organizations, like, 4000-plus people, I've worked for, like, small startups, consulted, and this is why I say, almost every single transformation, it fails the first time because somebody needs to be in control and track things and basically be really, really certain that people are doing it right. And as soon as it blows up in their face, that's when they realize they should actually take a step back. And so, even for building out a platform, you know, doing Platform-as-a-Product, I always reiterate that you have to really be willing to just invest upfront, and not get very much back. Because you have to figure out the whole user journey, and what you're actually building, before you actually build it.
Corey: I really want to thank you for taking the time to speak with me today.
If people want to learn more, where's the best place for them to find you?
Evelyn: So, I used to be on Twitter, but I've actually got off there after it kind of turned a bit toxic and crazy.
Corey: Feels like that was years ago, but that's beside the point.
Evelyn: Yeah, precisely. So, I would even just say because this feels like a corporate show, but find me on LinkedIn of all places because I will be sharing whatever I find on there, you know? So, just look me up on my name, Evelyn Osman, and give me a follow, and I'll probably be screaming into the cloud like you are.
Corey: And we will, of course, put links to that in the show notes. Thank you so much for taking the time to speak with me. I appreciate it.
Evelyn: Thank you, Corey.
Corey: Evelyn Osman, engineering manager at AutoScout24. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, and I will read it once I finish building an internal platform to normalize all of those platforms together into one.
Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business, and we get to the point. Visit duckbillgroup.com to get started.
We've had amazing unicorn CEOs recently on this podcast but today's a first. Wade Foster, CEO and co-founder of Zapier grew his company to a $5B valuation in 2021 on a $1.3M raise in 2012. Let that sink in. The power of product-market fit and listening to your customers is impossible to overstate.
Wade and his co-founders Bryan and Mike launched Zapier in 2012 as part of the YC S12 batch.
The company has grown to more than 800 employees in 40 countries and the product is used by 2.2M businesses and integrates more than 5,000 apps that have been used to create more than 25 million zaps, or automated workflows.
Listen and learn...
Wade's humble path from an internship in Columbia, MO... to a $5B unicorn
A simple problem: the Zapier origin story
The Zap that started it all...
Voice-first Zaps? Maybe!
The future of the "citizen developer"... no-code interfaces + enterprise security
Why all the new GenAI apps will create more need for Zaps
The Zapier LLM architecture
How to find product-market fit... from an expert
Creating a company that's a verb: how "Zapier" got its name
Wade reflects on his success and the entrepreneurial journey
What's ahead for Wade and Zapier
References in this episode...
Vijay Tella, Workato CEO, on AI and the Future of Work
Amr Awadallah, Vectara CEO, on AI and the Future of Work
ChatGPT for the enterprise: what's included
It's the last episode of the year, and it's very hard to break tradition! Maya and Pilar talk through some of the recent stories around remote work and the world of work and try to make up their minds as to whether we're moving forward or backwards… Just as they've been doing over the last three months, Maya and Pilar comment on this month's guest, Valentina Thörner the Empress of Remote! What was particularly memorable was her tiara story (of course!) and the way in which she continues to advocate for experimentation at every level in the organisation. (To hear Valentina talking about the two axes of remote work (location and schedule), check out episode 342.)
09.25 MINS There is a danger of organisations being seen to be discriminating against certain employees if they make them go back to the office. Legally things are not that clear cut. This article from October showed the need for organisations to understand the implications fully: Case update: employers must do their homework before making ‘back to the office' decisions.
12.52 MINS One example of the world of work moving backwards is this guidance by the UK government against a four-day work week in local authorities. Note the lack of evidence to support it: “it does not believe that it delivers local taxpayers' value for money.”
At 16.00 MINS, Pilar brings in an example of the voiceover industry, which makes it clear that being able to work remotely might continue to perpetuate an “always on” culture. This might all sound like our hosts are in a negative state of mind, but maybe this is something that also applies to listeners? Maybe they are seeking information to navigate the more difficult facets of the modern work environment.
The most popular episodes have focused on terminations (333), conflict (331), The upside and downsides of creativity and productivity (330)… But also some more uplifting ones like Effective Manager Mindset for Global Virtual Teams (315) and one on visibility and transparency in leadership with Mark Kilby (321). On the moving forwards side…
21.12 MINS Discussing Buffer's "State of Remote Work 2023" report, Pilar and Maya note a surprising trend: more remote workers now feel that working remotely has a positive impact on their career growth. This contradicts the common belief that remote work might hinder career advancement.
27.00 MINS We couldn't end our reflections on 2023 without talking about Generative AI. We already did an episode on AI in November 2019 (https://www.virtualnotdistant.com/podcasts/artificial-intelligence), so it's something we've always kept an eye out on. Now that Generative AI is being integrated into everyday tools and is more accessible, what's going on in organisations? Check out Salesforce's recent research which shows that More than Half of Generative AI Adopters Use Unapproved Tools at Work. (Does it remind you of how remote teams in organisations often use Shadow IT?) Generative AI is being used widely by all sorts of professionals, and a few months ago, Amazon had to cap the number of books that authors could upload daily, as GenAI was being used to crank up books. Speaking of which… Pilar has co-written a book with Chat GPT. “The Remote Worker's Guide to Time Management” will be out in all formats in January, but the Kindle version is already out for pre-order.
40.10 MINS If you don't want to read a book co-created with a bot, then maybe you'd like to chat to humans? The doors to the brand new community of Remote Work Europe are now open! There's been a rise in closed online communities as social media has become noisy and unreliable.
Maya embraces this and has set up Remote Work Europe Connected for remote workers of all kinds who are looking for a space to seek help, connection and inspiration. That's it from us this year, we hope you enjoyed our 2023 What's Going On episodes!
How did the 2001 dotCom bubble burst lead to the 2008 housing crisis and how did it impact the technology markets? And the OpenAI Coup-oops!
SHOW: 774
CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotw
CHECK OUT OUR NEW PODCAST - "CLOUDCAST BASICS"
SHOW SPONSORS:
Learn More About Azure Offerings : Learn more about Azure Migrate and Modernize & Azure Innovate!
Azure Free Cloud Resource Kit : Step-by-step guidance, resources and expert advice, from migration to innovation.
Code Comments - An original podcast from Red Hat (Season 2)
Adjusting to new technology, from teams that have been through it
Find "Breaking Analysis Podcast with Dave Vellante" on Apple, Google and Spotify
Keep up to date with Enterprise Tech with theCUBE
SHOW NOTES:
Telecom companies crash after 2001
History of Google Ads
The Fiber Optics market crashed
Massive competition to be the “hosting service provider”
A BRIEF SUMMARY OF THE OPEN AI COUP ATTEMPT
Sam Altman (CEO) got fired, then returned
HOW DID DOTCOM BUBBLE LEAD TO HOUSING CRASH AND CLOUD?
Google made Internet advertising available to every business
SaaS companies emerge, to replace core business functions
The “sharing economy” took off (music, pictures, blogs, etc.)
Shadow IT caused problems for Corporate IT
FEEDBACK?
Email: show at the cloudcast dot net
Twitter: @thecloudcastnet
In this episode of Enterprising Insights, host Keith Kirkpatrick, Research Director, Enterprise Applications, at The Futurum Group, discusses the topic of tech stack sprawl, focusing specifically on the proliferation of multiple enterprise applications within an organization. He covers the conditions that lead to sprawl, the risks and drawbacks of acquiring and implementing a wide range of applications, and highlights the offerings from vendors that are designed to reduce or eliminate sprawl. He also covers some recent news and newsmakers in the customer experience software market. Finally, he'll close out the show with the “Rant or Rave” segment, where he picks one item in the market, and he'll either champion or criticize it.
Dive into the depths of Shadow IT and learn how Spin.AI's innovative solutions are safeguarding businesses against the hidden risks of third-party applications. Cloud N Clear episode 167 digs into the story behind SADA SaaS Alliance Partner Spin.AI and their work on mission-critical applications that provide asset & risk management value. Join us in this engaging episode, and don't forget to LIKE, SHARE, & SUBSCRIBE for more enlightening content!
On this week's episode, we delve into a topic that's a bit closer to home for us at TTLP and bedigital: IT software and licensing. Combining bedigital's expert software services and our TTLP mission statement to uncover the stories of the biggest names in tech, this week's guest is a leader in the software management space. Phil Hames, MD at The Business Software Centre (TBSC), joins Gareth to discuss his entrepreneurial journey and how he's riding the wave of the Software-as-a-Service evolution. Phil and his team at TBSC utilise their expertise to help customers optimise their software usage in a quick and cost-effective way, ensuring that companies make the most of their SaaS. With an innovative focus on cybersecurity within Microsoft 365, TBSC's unique products and services mean that they're leaders in the software management industry. Having been in this field since the 80s, Phil's career has been shaped by the rise of SaaS and his career journey to forming TBSC has proven that he truly is an expert in the space. Want to smarten up your knowledge on SaaS? Then this is the perfect episode for you!
Time stamps
What does good leadership mean to Phil? (02:04)
Setting up a software company (02:46)
The evolution of Software-as-a-Service (09:95)
The future of SaaS (11:55)
The cybersecurity threats that are slipping through the net (14:33)
What is Shadow IT? (16:42)
Starting out as an entrepreneur (20:08)
What is Smarter SaaS? (24:04)
Phil's outlook on AI (32:54)
Advice to 21-year-old self (36:15)
Book recommendation: The Strangest Secret, Earl Nightingale
Summary
All software systems are in a constant state of evolution. This makes it impossible to select a truly future-proof technology stack for your data platform, making an eventual migration inevitable. In this episode Gleb Mezhanskiy and Rob Goretsky share their experiences leading various data platform migrations, and the hard-won lessons that they learned so that you don't have to.
Announcements
Hello and welcome to the Data Engineering Podcast, the show about modern data management
Introducing RudderStack Profiles. RudderStack Profiles takes the SaaS guesswork and SQL grunt work out of building complete customer profiles so you can quickly ship actionable, enriched data to every downstream team. You specify the customer traits, then Profiles runs the joins and computations for you to create complete customer profiles. Get all of the details and try the new product today at dataengineeringpodcast.com/rudderstack (https://www.dataengineeringpodcast.com/rudderstack)
Modern data teams are using Hex to 10x their data impact. Hex combines a notebook style UI with an interactive report builder. This allows data teams to both dive deep to find insights and then share their work in an easy-to-read format to the whole org. In Hex you can use SQL, Python, R, and no-code visualization together to explore, transform, and model data. Hex also has AI built directly into the workflow to help you generate, edit, explain and document your code. The best data teams in the world such as the ones at Notion, AngelList, and Anthropic use Hex for ad hoc investigations, creating machine learning models, and building operational dashboards for the rest of their company. Hex makes it easy for data analysts and data scientists to collaborate together and produce work that has an impact. Make your data team unstoppable with Hex. Sign up today at dataengineeringpodcast.com/hex (https://www.dataengineeringpodcast.com/hex) to get a 30-day free trial for your team!
Your host is Tobias Macey and today I'm interviewing Gleb Mezhanskiy and Rob Goretsky about when and how to think about migrating your data stack
Interview
Introduction
How did you get involved in the area of data management?
A migration can be anything from a minor task to a major undertaking. Can you start by describing what constitutes a migration for the purposes of this conversation?
Is it possible to completely avoid having to invest in a migration?
What are the signals that point to the need for a migration?
What are some of the sources of cost that need to be accounted for when considering a migration? (both in terms of doing one, and the costs of not doing one)
What are some signals that a migration is not the right solution for a perceived problem?
Once the decision has been made that a migration is necessary, what are the questions that the team should be asking to determine the technologies to move to and the sequencing of execution?
What are the preceding tasks that should be completed before starting the migration to ensure there is no breakage downstream of the changing component(s)?
What are some of the ways that a migration effort might fail?
What are the major pitfalls that teams need to be aware of as they work through a data platform migration?
What are the opportunities for automation during the migration process?
What are the most interesting, innovative, or unexpected ways that you have seen teams approach a platform migration?
What are the most interesting, unexpected, or challenging lessons that you have learned while working on data platform migrations?
What are some ways that the technologies and patterns that we use can be evolved to reduce the cost/impact/need for migrations?
Contact Info
Gleb: LinkedIn (https://www.linkedin.com/in/glebmezh/), @glebmm (https://twitter.com/glebmm) on Twitter
Rob: LinkedIn (https://www.linkedin.com/in/robertgoretsky/), RobGoretsky (https://github.com/RobGoretsky) on GitHub
Parting Question
From your perspective, what is the biggest gap in the tooling or technology for data management today?
Closing Announcements
Thank you for listening! Don't forget to check out our other shows. Podcast.__init__ (https://www.pythonpodcast.com) covers the Python language, its community, and the innovative ways it is being used. The Machine Learning Podcast (https://www.themachinelearningpodcast.com) helps you go from idea to production with machine learning.
Visit the site (https://www.dataengineeringpodcast.com) to subscribe to the show, sign up for the mailing list, and read the show notes.
If you've learned something or tried out a project from the show then tell us about it! Email hosts@dataengineeringpodcast.com (mailto:hosts@dataengineeringpodcast.com) with your story.
To help other people find the show please leave a review on Apple Podcasts (https://podcasts.apple.com/us/podcast/data-engineering-podcast/id1193040557) and tell your friends and co-workers
Links
Datafold (https://www.datafold.com/) Podcast Episode (https://www.dataengineeringpodcast.com/datafold-proactive-data-quality-episode-205/)
Informatica (https://www.informatica.com/)
Airflow (https://airflow.apache.org/)
Snowflake (https://www.snowflake.com/en/) Podcast Episode (https://www.dataengineeringpodcast.com/snowflakedb-cloud-data-warehouse-episode-110/)
Redshift (https://aws.amazon.com/redshift/)
Eventbrite (https://www.eventbrite.com/)
Teradata (https://www.teradata.com/)
BigQuery (https://cloud.google.com/bigquery)
Trino (https://trino.io/)
EMR == Elastic Map-Reduce (https://aws.amazon.com/emr/)
Shadow IT (https://en.wikipedia.org/wiki/Shadow_IT) Podcast Episode (https://www.dataengineeringpodcast.com/shadow-it-data-analytics-episode-121)
Mode Analytics (https://mode.com/)
Looker (https://cloud.google.com/looker/)
Sunk Cost Fallacy (https://en.wikipedia.org/wiki/Sunk_cost)
data-diff (https://github.com/datafold/data-diff) Podcast Episode (https://www.dataengineeringpodcast.com/data-diff-open-source-data-integration-validation-episode-303/)
SQLGlot (https://github.com/tobymao/sqlglot)
Dagster (https://dagster.io/)
dbt (https://www.getdbt.com/)
The intro and outro music is from The Hug (http://freemusicarchive.org/music/The_Freak_Fandango_Orchestra/Love_death_and_a_drunken_monkey/04_-_The_Hug) by The Freak Fandango Orchestra (http://freemusicarchive.org/music/The_Freak_Fandango_Orchestra/) / CC BY-SA (http://creativecommons.org/licenses/by-sa/3.0/)