Notes on data, AI, IT
and security
No marketing fog. The way I think about real problems with founders and managers.
Metadata is not an appendix to data
Why a data catalog and metadata ownership are an infrastructure question, not bureaucracy.
DevOps is culture first, tooling second
Why buying a CI/CD platform does not make a company DevOps, and what needs to change before you pick a tool.
Architecture questions at year end: what to settle before 2015
A few questions about IT architecture worth asking yourself at the end of the year - not for a report, but so that 2015 starts without unnecessary baggage.
NIST Cybersecurity Framework as a language between security and management
What the first version of NIST CSF offers and why it is primarily a risk management tool, not a technical standard.
Privilege escalation: why access control is an operations problem
Why most serious incidents begin inside the perimeter, and how to think about privilege management as a continuous process rather than a project.
Vendor lock-in is a real cost, not an abstraction
How dependency on a single cloud provider or platform accumulates as a concrete financial and operational liability, and how to think about it before it matters.
Knowing when your ETL pipeline is sick
Why data pipelines fail silently, what signs to watch for, and how to build monitoring before the problem shows up in a management report.
Recommendation systems: what they need before they work
What a recommendation system actually requires to function, and why most projects stumble before they ever reach the algorithm.
Technical debt as a management concept
How to think about technical debt not as engineers complaining, but as a real asset with interest payments - and what to do about it.
Robot safety standards: what ISO 10218 means in practice
A look at the practical obligations the industrial robot safety standard creates for manufacturers and integrators, beyond the paperwork.
Streaming data pipelines: why batch processing is starting to show its limits
What changes when you move from nightly batch jobs to continuous data streams, and when that shift is worth the added complexity.
Event sourcing: why keeping history changes what analytics can ask
What event sourcing means as a data approach and why it is an architectural decision with long-term consequences for a company's analytical capabilities.