Artificial Intelligence (AI) is a growing part of our daily lives. We interact with Siri on our iPhones, we order Amazon products with Alexa and soon we’ll be trusting our cars to safely drive us to our destinations. Now we also have AI helping us write software code by interpreting and delivering solutions by predicting developers’ intention for code. The AI can offer robust code options, complete code snippets, classes, and methods. This is a much more robust contribution and collaboration than a suggested path. It helps you write complete code blocks.

How do we get an AI model that writes code for us? 

Artificial Intelligence is the result of repetitive Machine Learning (ML) using a large dataset. A facial recognition AI, for example, is the result of ML pouring over millions of images of human and animal faces. The success and failure to recognize a human face is tracked and shapes the next repetition of testing.

Similarly, to predict what a developer is going to need for his next line of code the AI would need ML from a large variety of software code. Comparing software code written in different programming languages would also improve the quality of the AI’s code recommendation. GitHub is arguably the largest data store for a variety of software code written in almost every programming language. GitHub has leveraged its vast inclusive content to create an exclusive AI code completion tool called CoPilot.

The controversy of using an AI code completion

Simple code recommendation tools, like Intellisense, have been part of developer toolkits for decades. A more complete AI-driven service as a software substitute has stirred emotional, ethical, and legal concerns.

Job Threat - Software development takes education and years of experience to become proficient. Some software developers could look at AI-written code as a threat to their job or that their expertise is being undervalued. When considering an AI tool to write software, be sure to consider the broader impact on morale and the unity of the development team. It may be a good fit for the team and another tool to use. It could also be a source of resentment and dissolve productivity in highly functional teams.

Exclusive Service Created from Inclusive Community Content - An AI-driven Service as a Software Substitute tool is leveraging available big data to give their AI enough training to be a reliable solution. In his paper ‘Copilot, Copying, Commons, Community, Culture’ Robert F.J. Seddon compares the four conceptions (i) of community written by Peter Dahos - ‘A Philosophy of Intellectual Property” (ii). Since GitHub is arguably the largest repository of publicly available software, it is a resource provided by an inclusive community. When the owner of that inclusive content leverages it into a commodity (a product) it becomes an exclusive resource immediately limiting access to the inclusive community.

Untested Legal Position on Intellectual Rights - If you use an AI-powered code completion tool that has a model built from a public, open-source software, how can this AI-created code be used for commercial solutions? Can this code be merged into an enterprise intellectual property?

In the July 2021 article ‘Analyzing the Legal Implications of GitHub Copilot’ (iii) the FOSSA team interviewed an Intellectual Property lawyer to get answers to these questions. In this article, the lawyer gave a great example of how Google provides sample content from millions of books it has indexed. It was ruled that Google was not infringing on the copyrighted material because a small sample of the material was made available. Comparing that to a code completion tool, it is not providing a complete body of work, only a small section of it.

But you should still be cautious using an AI to provide code completion. “I’d caution anyone using Copilot right now to help write code to pay close attention to the nature of Copilot’s suggestions,” Downing says. “To the extent you see a piece of suggested code that’s very clearly regurgitated from another source — perhaps it still has comments attached to it, for example — use your common sense and don’t use those kinds of suggestions.”

The Future Of AI
The development of AI tools is accelerating at an exponential rate. You can expect it to become more integrated with your personal and work activities. As more samples of big data become available, there are more opportunities to train an AI solution. One prediction I have for an AI tool: A solution that would interrogate an entire enterprise, examining internal file systems, code repositories and network topology then create workflow documentation, offering process improvement recommendations along the way.

Conclusion

I enjoy pair-programming with another developer but if that’s not an option I would consider an AI tool to get a feeling of collaboration during the development process. For some teams, it could be the support a developer needs to be productive.

As a developer, I don’t feel my job is at risk from AI-written code because there is high demand for skilled developers. I see it as a tool, similar to Intellisense, that would help me get the job done.

I know AI-written code raises moral concerns around inclusive vs. exclusive communities. The developer community needs to guard against abusive behavior from companies commoditizing on open and inclusive resources.

References

(i) Copilot, Copying, Commons, Community, Culture

by Robert F.J. Seddon, honorary fellow of University of Durham

https://www.fsf.org/licensing/copilot/copilot-copying-commons-community-culture

(ii) Drahos, Peter. A Philosophy of Intellectual Property. 1996, Dartmouth, pp. 67-70

https://www.researchgate.net/publication/304514536_A_Philosophy_of_Intellectual_Property

(iii) “Analyzing the Legal Implications of GitHub Copilot” - FOSSA 7/14/2021

https://fossa.com/blog/analyzing-legal-implications-github-copilot/

• 
  

• As we near the end of the third quarter of 2022, it would not be an understatement to say the state of the software development industry remains red hot across the U.S. As I considered how to capture some of that momentum and provide some insight into something as large and complex as the state of software development I was reminded of an important article from the past. On August 20, 2011, Marc Andreesen published a piece in the Wall Street Journal that for many in the business and technology world would become a rallying cry, “Why Software is Eating the World”. In this article, he focused on what many were not as sure of then, as we are today, which is the impact software, software companies, and the start-up companies of that day would forever change the world in which we live and the businesses that many of us work for. (This article can still be found reprinted on his website, a16z.com) The insights still very much hold up today in 2022 which is why I will use it to frame up the current state of software development here in the Midwest as well as across most of the world. Here are just a few of the insights from that article that hold relevance for us in 2022.

  “We are in the middle of a dramatic and broad technological and economic shift in which software companies are poised to take over large swathes of the economy.”

  “Software is also eating much of the value chain of industries that are widely viewed as primarily existing in the physical world.”

  “Many people in the U.S. and around the world lack the education and skills required to participate in the great new companies coming out of the software revolution.”

  Is it hard to imagine that Apple, Amazon, and Alphabet are far from done taking over large swathes of the economy in 2022? While it is still early in the value shift from physical world to virtual we have plenty of samples of this evolution to reference in the last eleven years. FedEx, is now thought of more as a software network that happens to have trucks, planes and distribution hubs attached as an example. How many more physical value chains of industries do you experience weekly that are still in need of a little software revolution? ​Lastly, ​we can still see in ​today's ​news ​headlines that Mr. Andreesen’s concerns ​about the lack of education and skills required to participate in the evolving often software centric economy remains a pressing concern. While those headlines are often about security and privacy issues related to software, they also often highlight the challenges around education and skills gaps in many communities and often across a wide spectrum of people from the youngest to the oldest and the richest to the poorest.

  Here are some additional data points on just the education and skills area and why the last eleven years may have only been the first course in eating the world. This data also provides insight, that even bigger opportunities and challenges lay ahead for software and software development.

• • A shortage of experienced developers continues

In May of this year, the US Bureau of Labor Statistics showed that employer job postings for tech roles reached "a record high", led by new hiring in IT services and software development. Year over year through this same time there was a 52% increase in postings for tech roles with Full Stack Engineers among the most popular title.

Year over Year salary increases through the first half of 2022 remain on a growth fast track. Depending on what part of the US you are living, Hire.com and other sources report salary increases ranging from 7-14% year over year increase and on top of just as robust increases in 2021.

As of July, as many as 26% of the 20 million Americans who quit their jobs in the first five months of this year say they regret that decision according to many surveys. While the numbers for software development I would assume may be lower here given the white-hot salary numbers, it’s a trend to watch also in this space. Given the large, recent layoffs and hiring freezes within technology companies, could there be a Great Regret creeping into the software labor force?

I would like to end with this thought as we sit here in August of 2022. Software is a broad and reaching subject that we all should continue to seek to understand not only from the business perspective. Better understanding how the new generation of developers and technology companies are doing what they do, to what the broader consequences are for businesses and the economy all will remain important investments of our time. By better understanding these and other areas of this layer of the technology industry can we help ensure not only the health of our industry and that of our business community, but also to help ensure better participation for all that it will impact.

As many businesses approach budget season, the truth rears its ugly head again – the business needs 15 projects completed in the next year and the team has capacity for 8. So, you get together with business leaders, you prioritize, make half the room angry, and then because you’ve committed so much, your teams have little-to-no chance of actually delivering the projects you’ve outlined. This painful process repeats itself every year.

The good news is that this isn’t unique to your business. This pattern repeats itself across nearly every IT and development organization. The frustration mounts the same way in nearly every business leader. The math simply does not work – the work exceeds the capacity.

So, we try bonus structures and tightening down the screws but none of it works for long. And of course, we want to hold off on hiring so we need a different approach.

Fortunately, there are some things you can do, so let’s get started:

1. Master Motivation

Something like 60% of all corporate employees are disengaged. No org is immune. This statistic gets cited all the time and shows up in a number of articles. Here’s one that discusses a 38% engagement rate. It’s a pervasive and hidden issue, so let’s try to make it more tangible:

An engagement rate of 38% on a team of 25 people means that 9.5 people are fully engaged.

If the engagement rate increases just 8 points (46%), it means 11.5 people are fully engaged.

That’s the equivalent of hiring 2 people!

Author, Daniel Pink wrote an incredible book on engagement titled “Drive”, that’s a must-read for every leader responsible for engineering teams. Pink’s research showed that humans aren’t motivated by money nearly as much as by having Autonomy, Mastery, and Purpose in their work. When we create environments where people have autonomy, mastery, and purpose, we create environments that lead to engagement. How do we do this?

Autonomy

Leaders who excel at creating autonomy focus on two things: trust and courage. Trust in your team to let them make tech and product decisions in their local context, without significant oversight from you (or another leader). Then, the courage to stick through it and let them make a mistake. It’s like the first time you let your 16-year-old drive on the highway by themselves (a reality in my life right now). Autonomy takes trust and courage.

Mastery

Excelling at mastery requires investment. Financial investment helps, but this one is really about time. Investing time every quarter to allow teams to develop skills (in a SAFe environment, this might be during the IP sprint). Throughout the year, encourage people to take on some new tech and then encourage pairing with someone who already knows the tech. They’ll be slower at first, but as skills develop, you’ll have two people that are masters at the new tech and the org will be twice as fast.

Purpose

Why do people work for your organization? To make money for the business? Doubtful. Making money for the org just doesn’t motivate most people. To make money for themselves? Again, doubtful – you’re probably already paying your engineers more than the money required for happiness (that number is currently $95,000).

People’s deepest purpose is to help others. Purpose provides us with the good feeling of having made the world a better place.

There are two keys to driving purpose: Stories, and Frequency. We must share authentic, believable stories about how our work improves the world and then we must talk about them frequently. Stories are the currency of Purpose.

If you work at a bank, it’s tempting to talk about revenue, but it’s more motivating to talk about helping a family achieve the dream of owning a home by providing a mortgage for them.

If you work at a Consumer Goods company, it might be easy to talk about sales goals, but it’s more motivating to share stories of moms who struggled before using your product and now have a changed life because of it.

2. Become a Culture Curator

We all know that “culture eats strategy for breakfast” but if we look at the past 6 weeks and are honest with ourselves, how much effort have we put into culture? How much to strategy? We have to wonder if the focus on strategy is ruining the breakfast.

The number one job of every leader in a development organization is to create and curate a culture. Every word, every thought, every idea you have should propel the culture in a direction that helps to accomplish the goals of the organization. If the culture needs to be more entrepreneurial, then immersing yourself in the entrepreneurial culture of startup software companies and reflecting that in decisions you make must become a core part of the way you operate.

Leaders’ roles are to eat, sleep, and breathe the culture we’d like to see embodied in our organization. The more we do that, the more we’ll create that culture in our people and our companies.

3. Become a Servant-Leader

Scrum and Agile flipped the script on leadership and it makes the world a significantly better place. Leaders who serve their teams win their hearts, gain their trust, and build more committed teams. As a senior leader, this is what servant-leadership looks like:

●      Asking your teams what help looks like and then doing that for them.

●      Starting every meeting by asking for the room’s thoughts on what should be covered (instead of driving your own agenda)

●      Coaching an employee who shows that they need it and welcomes it.

It may take some time but mastering motivation, curating culture, and becoming a servant leader are very effective ways to increase development capacity. Along the way, you’ll become a better leader and create an even more high-performing organization.

By: Cassie Barlow, President, SOCHE

The times are changing in the world of talent attraction and management…..has anyone noticed?  Who hasn’t seen a help wanted sign in the last few weeks? We have all noticed the changes and we are also all trying to figure out how we can recraft our workforce strategy in response.

The experts in the field of talent, workforce and organizational development are all trying to understand the needs of employers and employees while examining best practices in order to offer the best ways to engage and retain talent.  Here are a few thoughts on what is trending in the field and some tips that may help your company find the workforce that you need and keep them engaged and on the job for many years. 

If you are one of the companies who have lost great talent over the last 18 months, join the club.  The loss of this talent along with the dearth of new talent in the marketplace has led many employers to take a very close look at their workforce strategy, organizational design, structure, salaries, benefits, and job descriptions. Now is the time to examine your internal talent, organizational structure and design and figure out what are the most important tasks that need to be accomplished and the best way to group these tasks into job descriptions. This is also a great time to examine the diversity of your current team and develop some intentional steps to attract and recruit a more diverse group of employees. The research on team performance has indicated repeatedly that team effectiveness, innovation and efficiency improve with diverse teams.  There may be opportunities in your company to upskill current employees, to combine job descriptions, to rescope job descriptions, to staff positions with employees at a different level and to look at outsourcing.  This is an important first step before trying to operate in the same way that you did a few years ago.

Attracting and hiring new employees is just one part of the talent equation. The trends in employee engagement and retention are also a different landscape from previous years. Professional development is a critical focus area for many employers and an expectation from employees.  From internal company transfers and upskilling to paying for degrees and certifications to microlearning, your future employees are looking for ways to continue their development in their new company.  Professional development is a wonderful way to engage your employees.  Another way to engage your employees is through regular team building and community service. A team becomes their best when they know each other, and both of these activities can boost your team performance as well as build your company culture.

Now let’s switch our focus to keeping our employees on the team!  Employees want a sense of purpose at work.  They want to truly understand the value and the meaning of your company's mission and vision.  They also want to know exactly where they fit into your strategy.  Meaningful work and a sense of purpose will encourage employees to stay with you.  In addition, employees want to know that they are being paid a competitive wage and benefits. 

Take the time to conduct company climate surveys, to listen to your employees and to take action to address concerns.  Your employees need to know that you care about them and that you are doing your best to provide them with the tools they need to accomplish their job, while looking out for their best interests.

Remember that we are all in these challenging times together.  As a leader in your organization, take time to connect via professional organizations and learn from each other. 

Resources:

https://bit.ly/ForneyTalentAquisition

https://bit.ly/ForbesHiringTrends

https://bit.ly/TandEmployee

https://bit.ly/DeloitteHumanTrends

https://bit.ly/deloitteRethinkingRelationships

     

 

In July, Women 4 Technology once again hosted an outstanding Meaningful Networking event. During the event, women and men from various industries and technology fields gathered to connect and network. We even had a guest appearance from Treg Gilstorf, our Vice Chair. A big thank you to Brooksource for powering the event and leading one of our table discussions. 

Why Women 4 Technology?

As Kathy Vogler discussed in her guest blog Disparity in the Numbers last month, women make up only 22.3% of the technology workforce. Our W4T Peer Resource Group aims to help improve those numbers by developing leadership through networking, professional development, and mentoring opportunities. 

At the center of W4T's Meaningful Networking events are table discussions led by industry mentors. These discussions leave participants with tips, strategies, and connections to help solve business challenges, dissect industry trends, and achieve career goals. 

July's discussions delivered on these objectives, inspiring several ah-ha moments that left participants with actionable steps and reading recommendations that can be implemented to positively impact our days, careers, and teams:

• Penny McVay with Great American Insurance Group spotlighted Positive thinking and learning: If you think you can’t, you can’t… but if you think you can, you can! Penny shared the story of an NBA basketball coach and his approach to recognize and celebrate his team to success. She referenced two books Freedom Flight - The Origins of Mental Power and The Culture Code: The Secrets of Highly Successful Groups, and one mentee connected these ideas to the book The ONE Thing: The Surprisingly Simple Truth About Extraordinary. 

• Raquelle DeSimone and Julia Holocher of event-sponsor Brooksource led an exercise to help participants Own Your Day: Formula for Owning Your Profession based on the book of the same name: Own the Day, Own Your Life. The three-step exercise focused on defining a mission you believe in, describing how you work effectively, and owning your space. 

• Andrea Dale of To the Point Coaching and a W4T veteran, encouraged the mentees at her table to Strengthen their Influential Leadership Muscles by sharing her insights working with IT leaders. 

• Ashima Sharma with CareSource is a continued W4T supporter. In her discussion, Ashima encouraged mentees to Define Success for Yourself Before Setting Goals through what she has defined as the four p's - people, profit, purpose, and planet.

• And, Claire Rohan, TEKsystems Global Services, discussed Driving Business Value and Keeping the Customer at the Center of Everything You Enable, sharing several key takeaways including the move from solution-obsessed to outcome-obsessed; meeting people where they're at; and understanding that value is always determined by the customer. These lessons came from the book Pursuing Enterprise Outcomes: Maximizing Business Value and Improving Strategy for Organizations and Teams.

We think Lisa Austin of Great American Insurance Group summed up the event best when she said, "I wasn't sure I would be able to make it tonight; but I am so glad I could! This was a great reminder of how we as IT professionals contribute to our businesses, their vision and mission. The event and conversations were a great motivation to me with thought-provoking topics." 

If you haven't attended one of these events in the past, you're missing out! We look forward to you joining us at our next W4T event: 

Creating an Effective Business Case
September 16, 2022
8:30 - 10 a.m.

 

By: Kathy Vogler, Expedient Technologies

According to the US Bureau of Labor Statistics the rapid rise in women’s participation in the work force was a major development in the labor market during the second half of the 20^th century. In 2019, 57.4% of all women participated in the labor force¹.

It’s become normal for women to contribute to their families’ finances and fill jobs in the marketplace.  We celebrate these accomplishments. However, working women still face serious challenges that their male counterparts typically do not: motherhood and childcare, equal pay discrepancies, growth ceiling challenges with fewer leadership opportunities, and industry specific bias.

Currently only 22.3% of workers in the technology field are women.  A few other fields show similar statistics and a woman trying to make a career in these male-dominated industries must face these biases and cultures.

A simple search of LinkedIn Groups for “women in tech” results in over 1,000 offerings.  We are trying! My first female focused group experience was in 2013 with Women of Cisco and I’m proud of Technology First for creating Women 4 Technology in 2015.  A more recent group (2018) is CompTIA Advancing Women in Technology.  Women in this field understand the challenges. These groups bring together supportive women offering training, guidance, and mentoring. 

57.4% Overall – 22.3% Technology.  Why the disparity in these numbers?

Educators have been working on this issue for many years. How can we attract more young girls to choose a technology career?  “Start early!” shares Martha Taylor, Sinclair Community College Professor of CS&IT “Provide educational opportunities and career modules to K-6 grade teachers and counselors and bring to top of mind the IT career opportunities.  Create programming modules with hands-on projects that will start to build interest in IT for these young women.” And, from Kristin Friend, Senior Partner Development Manager Microsoft “Exposure, exposure, exposure! We need to make sure our STEM programs are designed for and marketed to girls of all ages with women mentors from the technology industry highly engaged with these programs.”

I attend a lot of technology focused jobs fairs and the number of young women attending and applying for available technology positions is dismal. Take a look at the crowd at the next technology event you attend, you’ll see the same.  A glimmer of hope is that the women who are working in technology are thriving and are willing to help others succeed.  The Technology First Peer Group Women 4 Technology currently has 66 active members and quarterly events. We are trying!

Intel’s 2021 Diversity and Inclusion Report ² shows their goal is to increase representation of women in technical roles to 40% by 2030.  Dr. Tarika Barrett, CEO of Girls Who Code hopes to close the gender gap in entry level tech jobs by 2030 ³ “It’s imperative for leaders to play a bigger part in this effort.  Women who do take tech jobs often drop out at age 35.  We need to focus on changing hiring practices and changing culture to sustain their careers and get deep and hardwired into the company DNA.  Sisterhood continues to shape the lives of women in tech who have been hidden or not recognized.  You’ll get stuck but you’ll have this team of support through the sisterhood that will carry you through into the workforce.  Be reflective of things that push you out of your comfort zone.  If you have a supportive organization or company, you’ll find that scaffolding you’ll need to sustain.”

Some important career lessons learned about being female in technology, “You have to demonstrate you have the knowledge to work in IT. It’s important to acquire skills and stay relevant in your field” shares Martha Taylor. And, from Kristin Friend “If you find a job opening that you may not have all of the skillsets per the post, it is ok, still go for it! Men do this all the time, whereas women tend to hold back until they feel they have checked all the requirement boxes. You want to find a job where you can leverage the skillset you have but can also grow and learn to advance your career.”

Women have come a long way but the fallacy persists that most women would rather not be techie. This change in mindset to offer technical opportunities to young women needs to come from parents, teachers, guidance counselors and course learning mechanisms.  To keep the women who choose this path from discouragement, change in mindset needs to happen with the C Suite, HR and employee culture committees.  Women bring strength through diversity and will positively impact technology given the opportunity.

We are trying!

1 Women in the labor force: a databook : BLS Reports: U.S. Bureau of Labor Statistics

2 Intel (Nasdaq: INTC) 2021 diversity and inclusion report - Bizwomen (bizjournals.com)

3 https://www.linkedin.com/news/story/girls-who-code-ceo-leans-on-sisterhood-5346636/

Technology First announces the election of two new members to its Board of Directors. The newly elected Board members are Karen Kauffman and Kevin Johnson.

Technology First’s Executive Director, Melissa Cutcher, said, “We are so pleased to welcome these two talented individuals. Their unique backgrounds, skills and experiences will make them great additions to our board and the organization”.

NEW BOARD MEMBERS

Karen Kauffman, Director of information Technology for Precision Strip Inc., which leads the industry in metal processing and technical capabilities. Precision Strip has grown to 15 locations throughout Ohio, Kentucky, Indiana, Alabama, Tennessee, and Michigan. Karen is passionate about innovation and supports Precision Strip as they continue their business through building locations and acquisitions.  

Kevin Johnson, Vice President of Information Technology

Wright-Patt Credit Union (WPCU) which is a not-for-profit cooperative, where members are owners of the credit union, and therefore share in a portion of the credit union's profits. Kevin supports WPCU by providing strategic and managerial responsibility for WPCU’s information technology division, including financial systems, data warehousing, technical services, IT Security, and Project Management Services.

Technology First Board Members

Officers:

Board Chair - Scott McCollum - Sinclair College

Vice Chair - Treg Gilstorf - Smart Data

Treasurer - Bryan J. Hogan - Afidence

Directors-at-large

Jim Bradley -Tecomet (Retired)

Diana Bolden - (Retired)

Paul Stoddard - Gartner

Matt Coatney -Thompson Hine LLP

Gary Ginter - Premier Health

Lisa Heckler - CareSource

John Huelsman - Hobart Service

Don Hopkins - Wright State University

Don Kennedy - Smart Data

J.D. Whitlock - Dayton Children’s

Paul Moorman - ND Paper (Retired)

Thomas Skill, Ph.D. - University of Dayton

Kevin Johnson - Wright-Patt Credit Union

Robin Poffenberger - Washington Centerville Library

Karen Kauffman - Precision-Strip

By: Bill Baez, PhD, Vice President-Strategy, Ascend Innovations

Data scientists begin analysis by working to understand the people and data involved before turning any numbers into actionable, data-driven insights. Data science frameworks often begin with an initial step of “Business Understanding”, as seen in the Cross-Industry Standard Process for Data Mining and Microsoft’s Team Data Science Process. However, like many analytical fields, data science is often defined using a cold, precise tone, like this one from a recent CIO article:

“The goal of data science is to construct the means for extracting business-focused insights from data. This requires an understanding of how value and information flows in a business, and the ability to use that understanding to identify business opportunities.”^[1]

And while true, definitions like these often gloss over a fundamental aspect of these data-driven insights – the people using them.

While data science frameworks often focus on the need to understand the business, they lack an emphasis on the individuals faced with problems that require the data scientist’s expertise to solve. To provide great and effective solutions, data scientists must be willing to understand what their users feel about their problems. Data scientists need to first empathize with their clients.

A growing trend within data science is incorporating elements of design thinking into data science frameworks. Design thinking has long been used in product development and considers empathy to be the first step where researchers can get a better understanding of the problem users are trying to solve.

Data science is fundamentally a collaborative effort between you and those using your solution. Data scientists that foster a deep interest in understanding the people for whom their products are built, create more effective data-driven products and services than those that deliver a sound technical package. Data scientists must place the same weight on understanding their user’s needs as they do in feature engineering or picking the right machine learning model. Not seeing the problem through the user’s eyes can lead to weeks, if not months, of wasted effort creating a model or dashboard that is ultimately not used.

Historically, data scientists have focused on the technical aspects of a project to improve performance. Improved accuracy is only part of the equation when examining a product’s effectiveness. Increasing a model’s accuracy from 80% to 83% isn’t always the right metric to measure its impact on the problem you set out to solve. You want to find out how often that model or dashboard is being used and in what context. You also want to understand how much the decisions made by the models are acceptable to users, how to build trust in the results, and how your users identify value from your product. The answers to these questions will help data scientists develop solutions that are not only technically right but also effectively right for the people using them.  

 

Bill Baez, PhD, Vice President-Strategy, Ascend Innovations

Bill is currently the VP of Strategy at Ascend Innovations in Dayton, OH. In his role, he works closely with multiple departments to provide socially impactful, data-driven products and services to organizations trying to solve complex community problems.

^[1] https://www.cio.com/article/221871/what-is-data-science-a-method-for-turning-data-into-value.html

By Shawn Waldman – CEO – Secure Cyber Defense, Miamisburg, OH

I've been in technology for over 25 years, and one of the first things I did in 2009 when Cybersecurity was becoming a thing was to have an external firm evaluate my program. Considering that I didn't have a program back then, the results were very enlightening. I hired a firm that could look at me through a completely different set of eyes. They didn't know my company or me and came at the task differently. 

Let's look at some of the many reasons you would want to have this done. 

Insurance

First and foremost, we're seeing that many insurance carriers are explicitly asking you to have a 3rd party assessment to renew or obtain coverage. Unfortunately, this leaves the door open for interpretation of how the evaluation is carried out. We recommend using many mainstream compliance frameworks like the CIS Top 18 Controls, NIST 800-171, or the National Cybersecurity Framework. Depending on the maturity of your organization, you might also want to investigate the ISO 27000 set of standards.

Risk Management

When I'm talking to potential clients, one of the first things I usually talk about is that no business owner will decide about a significant move in just about anything without having good intelligence and information to support the action. Quite frankly, many company executives and managers are completely unaware of the Cybersecurity risk that might be present. A considerable benefit of the assessment process is that a seasoned and experienced assessor can pivot from the interview and look more profound for risk. What's the most common way risk makes its way into an organization? Change.

Getting a Fresh Look

Sometimes, it's just nice to get a second set of eyes on things to see if anything is missed or a different way of doing things. A natural reaction is to resist the need for an assessment because it can be seen as a threat or a sign of distrust. Quite the contrary, actually, in the over ten years I've been doing 3^rd party assessments, I can only count on one hand the number of times that someone took it that way. Most companies and IT staff welcome a second set of eyes, especially with Cybersecurity, since most IT staff don't want to take on that expertise.

Compliance Requirements

Maybe your organization is required to maintain a certification or requirement for you to perform a contract or business with a customer. In this example, CMMC/DFARS/NIST is a perfect model. Since before the requirements were ratified, Secure Cyber Defense has performed pre-assessment work in this area as the customer's advocate. Although the CMMC rules are in flux (recently reduced from 5 levels down to 3), it's important to monitor new contracts for CMMC notification levels. Until then, make sure you work with a trusted provider who can start working with you through the Plan of Action and Milestones (POAM) and help prepare the System Security Plans (SSP). We recommend all defense contractors continue to work on the DFARS/NIST compliance pieces as regardless of what CMMC does, those components will be required for the foreseeable future. 

Vendors/Customers Request It

Next on the list, you would want a 3rd Party Cyber assessment because vendors and customers may require it. It's not out of the question, and many of you have already been requested to have an external evaluation to keep those relationships. These requests generally surround the increased push for organizations to keep their 3^rd party vendors in check (i.e., CIS Control 15 covering service provider management). It's always good to keep a current external assessment on file; we recommend every year or every other year.

Light Threat Hunting

Something that we've been doing since the beginning has been doing what we call "light threat hunting." In the course of our assessment, we provide some threat hunts of known and documented threats (like log4j indicators) and communication with countries currently listed on the Office of Foreign Access Control (OFAC) list. Often, this can be a good indicator of a potential threat or evidence of one in history. As you are searching for 3^rd party assessment vendors, I would ask about.

Blow the Dust Off Your Policies

The policy is still one of the not-so-glamorous parts of managing an IT Department and a Cybersecurity program. Things like an Incident Response Plan, Disaster Recovery, and Business Continuity were all things that were not on the priority list year ago. That being said, we've come across many organizations that have policies but haven't been updated for many years. Assessors can look at the guidelines that you do have and provide some feedback on any changes that might need to be made to make them current.

C-Suite and Boards Take Note

Executives in the C-Suite and Boards need to note that not having an external look at your organization can often put you in a blind spot. Like I've said previously, it's not a trust issue, and it's the fact that you can get tunnel vision looking at the same things for many years. Like I've said earlier, this happened to me when I was managing IT. Only when I hired an external firm to look at my organization did I learn that there were processes and information I didn't have about new hardware/software solutions available.

Perform Regular Re-Assessments

As indicated in this article, we recommend getting regular assessments and rotating through providers at least every other year, much like you would with penetration testing. The idea behind this is that you will get a completely different perspective and process each time you switch vendors.

In Summary

This article has spent a lot of time discussing why you would need to hire a firm to perform a 3^rd party Cybersecurity assessment, and I've outlined many of the reasons we do them and some of the components that make up our service. Please spend some time interviewing the firm as one of the most valuable assets of an assessor is their background and experience and their ability to inject their years of expertise into your company.

About Secure Cyber Defense  

Secure Cyber Defense offers 24/7/365 threat monitoring services, Fortinet hardware, secure email, cybersecurity and compliance consulting, incident response services, and cybersecurity training for businesses and government agencies to protect company data from cyber threats. Offering both installed and "cybersecurity as a service" offerings, we scale custom solutions for any size organization. Secure Cyber Defense is a Premier Fortinet Partner.

Mardi Humphreys, Change Agent, Integration Edge

Tenacity is when we try something, but if it doesn’t work we try different ways to achieve the same goal. Here’s why and how we should develop tenacity on the job.

Why:

Tenacity is a hard ability to train, so tenacious employees earn the respect of both their managers and peers. Workers willing to do what is necessary for the business to endure downturns are the ones who get to keep their jobs. Successful people are tenacious. Doing hard things and seeing them through to completion gives us confidence. We develop mental toughness and keep going when others quit. Most people expect Plan A to work every time, but how often does that really happen? There are 26 letters in the alphabet. Let’s be unafraid to go back to a failed Plan A and revise it to make a Plan B, Plan C, or however many letters it takes to overcome the setback. Let’s learn how to not make the same mistake twice. Making new mistakes is much more fun.

How:

• Perceive failures as experiments: When we think we’ve spent all our energy and ideas on overcoming our obstacle, let’s give it one more try and change the input to achieve a better outcome. Often, the answer lies just beyond what we think we’re capable of.
• Set S.M.A.R.T. goals: We’ll filter our responsibilities through them. E.g., if we want to be the team’s SME for JavaScript, how do the tasks on our daily to-do lists get us closer to that goal?
• Identify a coworker as a friendly rival. We’ll find someone who is competing for the same promotion or the same client, etc., and use her as the bar against which we measure our work. Does she know Excel better than us? We can take an online class (many are free with a library card) to increase our knowledge. I call competing with someone who is on my team “coopetition.” (Think Group Round during Hollywood Week on American Idol). We strive to outperform this person because we admire her success. We can use this as motivational fuel to course correct when we’re struggling. This study says we succeed when our rival succeeds. We can learn from her mistakes as well as build on her successes.
• Jim Rohn said, “You are the average of the five people you spend the most time with.” Let’s hang out with tenacious people: professional groups, friends, family, and people with our job title from other companies. We can also read biographies of tenacious people and study what they did.
• Tenacious people are comfortable with being uncomfortable. If our fear of failure is holding us back, let’s do something about it. Let’s sift through the symptoms to get to the root. (Journaling may help us see it easier.) Then take baby steps every day to overcome it.

Tenacity comes through practice. The bad news is, this means facing adversity over and over again. The good (?!) news is, life gives us plenty of adversity to practice with.