m@ksim.pro
Blog

Notes on data, AI, IT and security

No marketing fog. The way I think about real problems with founders and managers.

Data

KPI worth fighting for: how to tell signal from dashboard decoration

A KPI only matters if it can change a decision. Everything else is decoration on a dashboard.

Security

Payment infrastructure as a target: what retail teaches us

The real lesson from payment data incidents is about segmentation, logs, and response time - not just protecting card numbers.

Security

Supply chain risk before the SBOM era: why dependencies need to be tracked systematically now

Opaque transitive dependencies are not an academic problem. They are already an active attack vector.

Security

Touch ID and corporate identity: what biometrics is actually useful for, and what to avoid overstating

Biometrics is a convenient authentication factor - not a substitute for a proper identity architecture.

IT

Team contracts: APIs and data cannot run on trust alone

Why internal interfaces require explicit expectations - around structure, quality, and how changes are handled.

Data

The event log as source of truth: why event-driven beats point-to-point integration

How shifting from bilateral API calls to a shared event journal simplifies system coupling and removes the fragility of double-writes.

IT

Docker changes the conversation about delivery: the repeatable environment matters more than the container

Containerization is first and foremost a delivery discipline, not a new way to package an application.

Security

Least privilege in practice: why access needs to shrink, not just grow faster

Granting access without managing its lifecycle is convenient right up until the moment it becomes a real business risk.

Security

The Adobe breach as a lesson in password storage and the cost of old schemes

What the large-scale 2013 breach tells us about the price of outdated secrets storage and how companies respond to incidents.

Robotics

Edge before it was called edge: what to compute at the machine, what to send to the center

Reaction time, latency, and network reliability demand different places for computation. How to think about distributing logic between a device and a central system.

AI

Reinforcement learning and Atari: not about games, but about a class of problems

Why DeepMind's results on a games console matter not for entertainment, but as a signal about a whole class of optimization problems in business.

IT

Business continuity for SaaS: when someone else's service becomes your operational backbone

SaaS speeds up business, but it does not remove the obligation to prepare for failures. How to think about dependencies on external services.
