CIO CIO

“It’s more that the casino is open, drinks are flowing, people are gambling wildly, and the staff is getting tipped well,” he adds. “We, the customers, are the staff raking in tips. Whether the gamblers win or lose, the valet gets to keep the $100 he got for parking the Lambo out front, and we get to use free ChatGPT accounts.” New pricing models Other observers see AI vendors’ customers footing a large portion of the bill. CIOs are likely to face higher subscription fees, usage-based pricing, or premium charges for advanced features, says Firdaus Bhathena, CTO at fintech firm FIS. “The costs of building out AI infrastructure will ultimately fall to enterprise users, and for CIOs, it’s only a question of when,” he says. “While hyperscalers and AI vendors are currently shouldering much of the expense to drive adoption, we expect to see pricing models evolve.” source

The 7 Brew CIO advises CIO aspirants to architect their careers as lattices not ladders, and to embrace lateral moves, learning agility, and their networks as they strike their own paths to the top. source

Industry’s Most Comprehensive Mobile Application Penetration Testing Program Addresses Real-World Mobile Security Challenges. INE Security, a leading provider of cybersecurity education and cybersecurity certifications, today launched its significantly enhanced eMAPT (Mobile Application Penetration Testing) certification. The updated certification delivers the industry’s most comprehensive and practical approach to mobile application security testing. CSO Magazine recently recognized eMAPT among the Top 16 OffSec, pen-testing, and ethical hacking certifications for 2025, noting that the eMAPT certifications “offer hands-on training and up-to-date curricula, equipping offensive security professionals with their choice of specialized or broad skill credentialing.” The publication specifically highlighted eMAPT as the only certification to focus on mobile application penetration testing among all cybersecurity certifications reviewed. “The enhanced eMAPT certification delivers exactly what pentester professionals need in today’s mobile security landscape,” said Dara Warn, CEO of INE Security. “The certification training focuses on sophisticated analysis techniques, runtime protection bypasses, and effective communication with development teams. With the enhanced eMAPT, we’ve built a certification that teaches practical skills while maintaining the technical rigor that advanced mobile security work demands.” Mobile Security Skills Gap Threatens Organizations Mobile applications handle financial transactions, healthcare data, and critical business operations, creating an exponentially expanded attack surface. Organizations need security professionals who can think like attackers while understanding the business context of their findings. The enhanced eMAPT certification produces professionals who deliver both technical expertise and clear communication, whether they explain SSL pinning bypasses to development teams or document OWASP MASVS compliance for executives. Dual-Exam Format Validates Real-World Skills The enhanced eMAPT certification features an innovative dual-exam approach that validates both conceptual understanding and practical application. This comprehensive assessment ensures certified professionals have the theoretical knowledge and hands-on abilities to secure mobile applications effectively in professional environments. The enhanced certification delivers: Comprehensive iOS and Android Coverage: Training now covers both major mobile platforms with equal depth and focus Hands-on, Lab-Based Training: Candidates gain practical experience through real-world mobile application testing scenarios Professional-Level Validation: Certification validates knowledge and skills required for professional mobile application penetration testing roles Advanced Technical Skills: Curriculum includes mobile application fuzzing, reverse engineering, and malware analysis Industry Framework Integration: Assessments map to OWASP MASVS, MTTG, and PTES methodologies Business-Ready Communication: Training emphasizes vulnerability documentation and stakeholder reporting Seven Critical Domains Target Real Security Challenges The enhanced eMAPT certification covers seven essential knowledge domains that reflect actual penetration testing workflows: Mobile Application Security Foundations (10%) – Core principles and architectural security concepts Threat Modeling and Attacker Mindset (10%) – Structured assessment methodologies and threat analysis Reconnaissance and Static Analysis (20%) – Advanced binary analysis and code inspection techniques Dynamic Testing and Runtime Manipulation (20%) – Live app testing and security bypass methods API and Backend Security Testing (15%) – Authentication, authorization, and API vulnerability assessment Reverse Engineering & Code Deobfuscation (10%) – Binary analysis and custom tool development Mobile Malware Analysis (10%) – APT campaigns and evasion technique analysis Reporting and Communication (5%) – Documentation and stakeholder engagement Target Audience Spans Multiple Security Disciplines The enhanced eMAPT certification targets intermediate-level cybersecurity professionals across multiple specializations. Pentester professionals gain mobile-specific expertise to expand service offerings. Mobile application security analysts learn to recognize attack patterns and improve incident response. Developers building secure apps gain attacker perspectives to identify flaws during development. Red team operators master mobile attack vectors for comprehensive adversary simulation. Cybersecurity consultants develop hands-on skills for client guidance. Malware analysts acquire mobile-specific reverse engineering capabilities. “The eMAPT establishes the gold standard for mobile application penetration testing certification,” said Warn. “While other mobile web application certifications cover some aspects, eMAPT addresses the specific needs of mobile application penetration testing with unmatched depth and practical focus. The certification covers advanced techniques like mobile malware analysis and custom deobfuscation tool development – skills that become increasingly valuable as mobile threats grow more sophisticated.” Immediate Availability with Launch Promotion The enhanced eMAPT certification is available immediately at https://checkout.ine.com. The corresponding learning path includes comprehensive training materials, hands-on lab environments, and access to an industry-leading mobile security testing tool. It is available with a Premium subscription. Through August 6, 2025, INE Security is offering special launch pricing for early adopters of the enhanced eMAPT certification. About INE Security: INE Security is the award-winning premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers. INE’s suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career. Contact Kathryn Brown INE Security [email protected] source

Overview Email threats are evolving—and traditional security tools aren’t keeping up. In this episode of DEMO, Keith Shaw is joined by Abnormal AI Sales Engineer Alex Dolce for a hands-on look at how the company’s behavioral AI platform detects phishing, business email compromise (BEC), and zero-day threats that bypass Microsoft 365 and Google Workspace defenses. Watch the full demo above and read the transcript below to learn how Abnormal AI integrates seamlessly with your existing environment, automates phishing triage, and reduces SOC team workload through AI-powered workflows. [Editor’s note: At the time of recording, the company name was Abnormal Security. We have changed this to their current name, Abnormal AI, in the headline, description and transcript.] Register Now source

In cloud architectures, best practices around proscriptive environment configurations are routinely automated to ensure that critical factors, like sizing, cost, performance and security, are embedded through infrastructure-as-code by default and by design. CI-CD pipeline deployment automation enforces blue-green deployments to test assumptions, reduce risks associated with defect resolution and limit the “blast radius” of defective features through targeted and limited, soft-launch audiences. Simulation in some form is already used as a routine practice today to provide observability metrics and use those metrics to manage very specific, risk-sensitive, governed outcomes. More sophisticated simulation models and testing, however, are also not new to IT, software engineering or enterprise software portfolios. We’ve seen attempts to manage and optimize workflows with robotic process automation, business process management and business process optimization. These sometimes fragmented and disconnected solutions mostly facilitate an understanding of current processes and models and help us optimize or refactor processes through brittle, scripted implementation. The missing piece was not the ability to model and simulate, it was the intelligence automation to analyze, execute and adapt. Enter LLMs, agentic AI and what is now mature digital twin technology for comprehensive simulation of process, system, technologies and ecosystems. The term “digital twin” was originally used by Dr Michael Grieves at the University of Michigan in 2002, during a presentation on product lifecycle management (PLM), so while it found a home in industrial settings, the concept of a mirrored instance to validate design assumptions, risk and reward has broad applications. Further, the marriage of agentic AI with digital twin technology poses an interesting opportunity. But first, let’s look at the respective capabilities of both technologies.  source

“This vulnerability was relatively simple to exploit, and required only minimal table access, such as a weak user account within the instance or even a self-registered anonymous user, which could bypass the need for privilege elevation and resulted in sensitive data exposure,” said Varonis in its blog.  It isn’t aware of any cases where this vulnerability was exploited before ServiceNow issued the patch in May. Varonis warned ServiceNow about the hole, dubbed Count(er) Strike, in February, 2024. Platform can hold huge amount of sensitive data A cloud-based platform, ServiceNow offers a wide range of capabilities including IT service management, IT operations management, customer service management, human resources service delivery, governance, risk, and compliance, healthcare and life sciences service management and more, meaning it can store a wide-range of sensitive personal data. source

Scott Bickley, advisory fellow at Info-Tech Research Group, described the announcement as a development that is “long overdue. It should be no surprise that, collectively, the US government is either the largest or close to the largest customer of most of the software mega-vendors, which include Oracle. For decades, GSA pricelists have demonstrated discount levels for agencies barely below the retail price in many cases.” He said, “a flat 75% discount on perpetual license software is a good start; however, it is hard to compare to the private sector, where discounts can go much higher than this baseline. The positive impact of this may be more symbolic, however, as the rate of traditional license purchases has declined precipitously, as workloads continue to migrate to the cloud.” “Oracle does provide a discount structure for its OCI cloud services based on levels of spend; however, it is not clear if the GSA agreement improves upon these programmatic levels or simply codifies them through November,” Bickley added. “While there is no mention of Oracle Java, one has to wonder if government-wide discounts were applied here as well, and if so, by agency or in taking all of the US federal government as a whole.” source

Every Monday at 7 a.m., a cohort of Principal employees jump on a Teams call for a quick study group. Typically chaired by the chief digital and artificial intelligence officer (CDAIO) or someone else on the team, the 300-plus and growing learning community digs into the technology, cultural, and organizational impacts of generative AI. There are deep dives into the implications of new gen AI models, discussions of compliance and ethical risks, and knowledge sharing around emerging use cases and technical best practices. The study group, which took root when ChatGPT was introduced in November 2022, is now a formalized effort intent on exposing all Principal employees — not just a select few — to what’s fast emerged as a business-defining technology. The study group, one piece of a broader change management and AI literacy campaign, is designed to bring Principal employees and leadership up to speed on generative AI’s ground-breaking potential while generating confidence and enthusiasm in the technology to improve long-standing work patterns. “Through education and literacy initiatives, we’re cultivating an AI mindset that will drive adoption, innovation, and meaningful business impact across the organization,” says Kathy Kay, executive vice president and CIO at Principal Financial Group, a global financial investment and insurance company. “You’re doing a disservice if you don’t teach everyone how to leverage the technology because it’s going to be table stakes in the future.” source

It’s a lucrative role, with a reported average salary of $154,162 per year, and salary range of $108,000 to $224,000 per year, according to data from PayScale. Enterprise architects often go on to work as a CTO, software engineer, development director, or CIO. To become an enterprise architect, you’ll need an undergraduate degree in computer science, IT, or a related field, and at least 10 years of experience in IT or a related field. You’ll also need hands-on experience working with computer systems, hard drives, mainframes, and other architecture technology. Enterprise architects also need several soft skills to succeed, including communication, problem-solving, critical thinking, leadership, and teamwork. According to PayScale, the most reported hard skills for an IT enterprise architect include Microsoft SharePoint Server, AI, Microsoft Azure, data warehouse, business intelligence, data modeling, strategy development, enterprise solutions, enterprise application integration, and software architecture. source

Welcome to Global Tech Tales, where we talk with editors from around the world about the latest technology and leadership topics, and hear stories from IT leaders about what they’re looking for. I’m Keith Shaw co hosting along with Matt Egan. He is the global content and editorial director at Foundry, who’s also represents the UK in these shows. And this month, we are joined by Jack gold, Principal Analyst at J Gold Associates. Welcome everybody. Good to see you. Jack. Thanks guys. All right. And so for this episode, we are talking about how AI is transforming the data center. Last week or last month, we talked about how AI is disrupting cloud computing. And so this almost is like the opposite end of that scale for a lot of IT people. So, you know, there are a lot of great reasons for running AI applications in your own data centers. AI is putting new demands on virtually every aspect of data centers, from servers, networks, power grids and more. But beyond this decision about where to run AI workflows, other issues are looming in the background. So we’re going to take a look at all of the different things, and we start the show off as always, with some statistics. So this is what I found rummaging around the internet and including the 2025, state of the data center report from core site and Foundry, shows that the expansion of AI is pressuring organizations to reassess their IT infrastructure, to balance cost and performance with Co Location data centers now taking on an expanding role in the study. This is an amazing number. 98% of IT leaders said they have adopted or plan to adopt a hybrid IT model. The research also suggests that cloud costs are driving organizations to repatriate apps and workloads from the cloud back to on premise data centers. Another stat that blew my mind too was that the SMP global voice of the enterprise survey said that more than 70% of respondents are saying that their current IT infrastructure was inadequate for future machine learning and AI workloads. So that’s down the road. McKinsey said that 70% of total data center capacity demand will be aI related by 2030, and generative AI loan apps alone will be about 40% of that capacity. And then data power, data center power demand is also expected to skyrocket, according to Goldman Sachs, power demand is going to rise 50% by 2027 and 165% by 2030 so you got to start thinking about all of your power issues. And then finally, 2023 report by Uptime Institute said 58% of data center operators are struggling to find qualified candidates for vacancies, with shortages concentrated in junior and mid level operations. In addition, 34% of companies said they had no initiatives to initial to recruit and train new entrants. So there’s a lot of stats around the world of the data center these days. So what I want to start off with, however, before we jump into the how AI is affecting things, before the show, we were talking about, the issue is that I think our perceptions of what a data center is these days is is just is a little off kilter. So you know, when I think of data centers, I think of what my dad was doing back in the 70s where you had giant machines and punch cards and air conditioned rooms and things like that. But that perception is no longer the case, right Jack? Jack Gold source