Notes on data, AI, IT
and security
No marketing fog. The way I think about real problems with founders and managers.
Questions the board should ask after the surveillance disclosures
Backup, jurisdiction, logging, contracts, operator access - what leadership needs to verify after the PRISM story.
After PRISM: the cloud is no longer just a cost question
The NSA surveillance disclosure turned trust in cloud providers from a technical question into a political and legal one.
Experiments and A/B thinking: what digital products can teach everyone else
Not every decision needs a year-long project. Some of them should be tested with fast, cheap experiments - even in non-digital environments.
Data scientist, analyst, engineer: it is time to tell the roles apart
Why 'data person' is no longer a precise enough role, and how blurred expectations sink teams before work even begins.
Human in the loop: why automated decisions increasingly need a person nearby
The higher the risk of a decision, the more important deliberate semi-automation becomes. Full system autonomy and full manual control are both losing strategies.
ODS, data marts, DWH: why you cannot build an analytics landscape with one abbreviation
Each layer of an analytics architecture solves a different problem, operates at a different speed, and needs its own owner. Mixing the layers is the source of most analytics problems.
Cross-border cloud: where your data physically is and how to verify it
Trust in a cloud provider requires concrete answers: where is the data stored physically, who has access to it, and how is that confirmed in practice.
Streaming vs batch: when real-time is justified and when nightly batch is the honest choice
Before choosing a data processing architecture, it is worth honestly calculating the cost of latency - and finding out whether the business actually pays for it.
BYOD stops being an IT question and becomes a management one
When employees' personal devices enter the corporate access perimeter, this is no longer a problem for the IT team - it is a decision the leadership has to make.
Robotic picking: the economics only work with a solid data foundation
A robot without accurate master data and reliable telemetry quickly runs into operational chaos.
SIEM without maturity is an expensive noise machine
A good SOC starts with solid telemetry and defined scenarios, not with buying a platform.
Personal data protection done properly: it starts with a data flow model
Without a map of data flows you cannot honestly build either security controls or compliance - you are just patching random holes.