Notes on data, AI, IT and security
No marketing fog. The way I think about real problems with founders and managers.
Technical debt: how to talk about it with your team and make decisions
Technical debt is one of the hardest topics for conversations between technical and non-technical leaders. I offer a language and a structure for that conversation.
RPA and industrial robots: why they get confused and how they differ
The word 'robot' means different things in IT and in manufacturing. I explain the difference between software robots and physical ones, and why that matters for decision-making.
Operational data and analytics: why they need to be separated
Many companies try to build analytics on top of operational databases. I explain why this creates problems and how to think about the architectural separation.
From pilot to product: the gap that breaks AI projects
A language model works beautifully in a demo - and falls apart in real use. I look at where the gap is and how to bridge it.
Software supply chain attacks: when the vulnerability arrives with an update
An attack delivered through a trusted software vendor is one of the hardest threat vectors to defend against. I look at how it works and what businesses can actually do.
IT modernisation: why big-bang replacement rarely works
Large projects to replace IT systems often fail or exceed their budgets by multiples. I explain why an incremental approach works better and how to apply it.
Data contracts: how teams agree on quality
When multiple teams share data, conflicts of expectation are inevitable. Data contracts are a practical tool for making those expectations explicit.
OpenAI plugins: what the announcement actually means for builders
OpenAI opened plugin access to developers this week. Here is a calm reading of what the architecture implies - and what questions to ask before building on it.
Prompt engineering: the patterns that actually matter in practice
A grounded overview of the prompt techniques that produce reliable results, and the ones that sound sophisticated but do not hold up in production.
GPT-4 and a new conversation about quality, multimodality and the cost of errors
The release of GPT-4 changes not only what language models can do but the conversation about when AI is acceptable in production systems. I look at three key shifts.
RAG: how retrieval-augmented generation actually works
Before building a chatbot over your own documents, it helps to understand what RAG does, what it does not do, and where the failure points are.
LastPass and the lesson in secrets management: what happened and what it means
The 2022 LastPass breach became one of the most discussed incidents in credential management. I look at what happened and what conclusions matter for business.