Recently, LinkeDin (which I am, actually, using, but only as one of the platforms for the free, online CISSP seminar) has been telling me that I am "one of a few experts invited to add to any of these 5 articles."
Oh, be still my beating heart.
However, today I decided to take a look at whatever this was, since the question that popped up was "How do you keep up with the latest security architecture trends and innovations, such as cloud, AI, ..." and, of course, anything to do with education or lifelong learning is of interest to me. (That was, of course, not the whole question: when I got to the actual article they had added "or IoT?")
LinkeDin makes a big deal over the fact that this is an "AI-powered collaborative article." They go on to say that "This is a new type of article that we started with the help of AI, but it isn’t complete without insights from experts like you. Share your thoughts directly into each section — you’re in a select group of experts that has access to do so."
Again, be still my beating heart.
The thing is, as I started to read this piece, I could well believe that it was (mostly) written by the brain-dead "language models" represented by ChatGPT and its ilk. It was pretty pedestrian stuff, and the only areas where I would have been allowed to enter input were under categories such as "define you security objectives," "assess your security posture" and other trite cliches from any "define your own security architecture in five easy steps!" piece. None of this has anything to do with "keeping up" with the latest technologies.
Oh, how *do* you keep up with the latest security architecture trends and innovations, such as cloud, AI, or IoT? Well, that's pretty straightforward. Not necessarily easy, but straightforward. First of all, you know your stuff. You know enough about the history of technology to know that, for example, cloud is not new. It's just "someone else's computer," and we've been using that for decades, under such names as "timesharing" and "distributed computing." What applies to them, applies to cloud. For AI you have to know what AI is, and what it isn't. It isn't a single thing, but a collection of technologies, all of which may have advances at any given time. And you have to be able to "spot the hype," as in the recent case of DALL-E and ChatGPT. They are just large dataset pattern models. Interesting, but not, fundamentally, important, in and of themselves. The important thing is not to get taken in by them. IoT? OK, that is significant, but, again, it's just "Bring Your Own Device" taken to a much higher level, and the same factors and concerns apply. The fact that vendors have gone into it in a big way means that the attack surface is much larger, but not, fundamentally, different.
(None of this could be fit into the categories that LinkeDin felt covered the question. And I have no idea where AI might have fit into the picture.)
No comments:
Post a Comment