CIO CIO

Key initiatives in Foundational EA  The right team. Establish clear roles and responsibilities for an integrated team of business, application, data and technology architects.  With the right tools. A centralized EA repository enables enterprise-wide visibility into systems, dependencies, and risks.  Doing the right things. Governance ensures that EA strategies aren’t just models on paper — but actionable frameworks that drive results.  Business impact of Foundational EA  Eliminates inefficiencies by reducing redundant IT investments.  Provides clarity into the technology landscape, helping leaders make better decisions.  Enhances IT-business alignment, ensuring that technology supports corporate strategy.  The question isn’t whether EA should play a strategic role — it’s whether the foundation is strong enough to support it. With this foundation in place, EA can evolve from governance and documentation to driving real business impact.  Stage 2: Operational EA – Delivering business optimization and agility  Once the foundational structure is established, EA can shift from static documentation to active execution. At this stage, EA plays a key role in digital transformation initiatives, enabling business agility, cost optimization and faster time-to-market.  Common pitfalls without Operational EA  Many organizations stop at Foundational EA, treating architecture as a passive support function rather than an enabler of execution. The result?  source

The Block ecosystem of brands – including Square, Cash App, Spiral and TIDAL – is driven by more than 4,000 engineers and thousands of interconnected software systems. Today, Block is doubling down on engineering velocity, investing in major initiatives to help teams ship software even faster. The initiatives will build on an already relentless focus on speed that has helped Block empower more than 50 million individuals and four million sellers. “We want engineering velocity to remain our competitive advantage,” says Azra Coburn, Block’s Head of Developer Experience. “Block is a large and complex organization, and it’s still growing. We realized that if we wanted to operate at the speed of a startup, we needed to make a more dedicated investment.” With this aim, Block has established a global developer experience function focused on empowering developers to innovate rapidly and deliver high-quality products. This article goes behind the scenes on what’s fueling Block’s investment in developer experience, key initiatives including the role of an engineering intelligence platform, and how the company measures and drives success. Sustaining velocity at scale Block’s approach to developer experience has evolved significantly as the company has grown. In the early days, different teams and business units operated independently, each with its own tools and workflows. While this freedom initially enabled rapid time-to-market, it also resulted in complexity as the company grew to include multiple business units and thousands of developers. “With different teams and business units working in different ways, the cognitive load for developers became significant,” Coburn explains. “It required us to rethink our workflows and change how teams were structured.” To maintain high velocity at scale, Block recognized the opportunity to unite the engineering function around standardized tools and workflows, or “golden paths.” The aim is to reduce duplication while investing in a core set of patterns and tools, enhancing productivity and fostering a culture of continuous improvement. Setting the roadmap Block’s developer experience team determines its roadmap using quantitative and qualitative data to identify opportunities and measure impact. With this approach, the team has identified opportunities to reclaim over 500,000 hours of developer time annually. “Our approach is to first and foremost listen to our internal customers, who are our engineers,” says Coburn. “We run a quarterly survey that directly contributes towards our roadmap in developer experience, helping decide how we invest and prioritize. Our investments are driven by what we hear from our engineers.” Block collects developer experience data with the help of DX, an engineering intelligence platform that helps streamline data collection and reporting, as well as enabling Block to benchmark itself against industry peers. Through the DX platform, Block is able to provide developer experience metrics to all leaders and teams across the company. “We value working in the open, so we’ve opened the survey responses up to everyone,” Coburn says. “Every engineer has access to look at their team’s data and everyone else’s data, and benchmark themselves against our industry peers.” Coburn’s team also publishes an annual internal State of Engineering Velocity report highlighting key metrics and benchmarks captured in DX. “We have four key metrics that we’ve nicknamed DEVIQ, which stands for developer experience, velocity, impact, and quality,” she says. “Our approach is derived from the DX Core 4 framework, and we track these metrics across Block both as a company and at the team level.” Block reports quarterly on DEVIQ progress to the entire executive team. Block’s vision Guided by this data, Block has identified core priorities for improving developer experience, the most notable being instant developer environments, establishing golden paths, and bold investments in AI. Together, these initiatives form the Developer Experience team’s vision for accelerating engineering velocity. Instant developer environments Block’s quarterly developer surveys have highlighted several key areas for improvement, one of which is the delays engineers faced in setting up and iterating on local development environments. A key pillar of Block’s strategy is its “InstantDev Vision” focused on building a best-in-class internal developer platform where, as Coburn puts it, “everything just works.” “We are building a collection of developer tools that are turnkey,” Coburn explains. “We’ll need faster local builds, projects to be self-bootstrapping, or hermetic, and services to be run ephemerally. We want zero-click configuration – environments that just work and allow engineers to focus on delivering business value.” Investing in golden paths Establishing golden paths is a priority. Consolidating the toolchain down to a small number of focused investments gives developers leverage. “It allows us to have a handful of tools that are curated and focused,” Coburn explains. “These select choices can then be of high quality, well-supported, documented, maintained, secure, and reliable.” Another golden path is reducing time spent on information search and discovery, which Block estimates could save up to another 200,000 hours of developer time annually. “We’re consolidating all of our documentation into one platform across Block that is heavily integrated with AI to assist with search and content.” Leveraging AI AI sits at the cornerstone of Block’s developer experience strategy. Through its AI-native instant developer environment Block is actively embedding AI in all engineering workflows. “Our goal is to increase speed to market by 10x and improve efficiency across all aspects of software development,” Coburn says. “For example, most recently we built an AI migrator tool. Migrations from legacy codebases that used to take teams months to complete can now be done in days.” Block also launched an open-source AI Agent Codenamed Goose. Engineers can use Goose to pull Jira tickets, automatically create pull requests, and even pre-fill them with code. Unlike other tools that simply generate code, Goose acts as a full agent –developers can assign it tasks, and it delivers results. Block expects its efforts in AI Engineering Velocity to deliver a 30% boost in productivity while significantly improving reliability and employee engagement. By automating bottlenecks with AI tools, engineers are empowered to focus on innovation, advancing product development and fueling the company’s growth in fintech. Delivering incremental success Delivering on an ambitious vision

Society of Women Engineers (SWE) The Society of Women Engineers (SWE) has been around for more than seven decades, giving women engineers a voice in the industry. The organization aims to empower women to grow in their engineering careers and to bring better representation. Members gain access to a large community of women engineers, networking opportunities, professional development and career services, and they can also get discounts to several other organizations in the industry. The organization also offers several youth programs, scholarship opportunities, and professional programs for adults. Switch Switch, formerly known as Women 2.0, is a for-profit media and tech company that creates and delivers content, programming, products, and services designed to bring awareness to issues surrounding inequality and inclusion in the tech industry. Switch provides programs for founders trying to grow startups, and provides networking opportunities and resources on capital, hiring, workplace culture, and more. The goal is to create a more diverse and inclusive environment, especially when it comes to startups. TechLadies TechLadies is an organization that focuses on connecting members with jobs and opportunities in tech through an online network, a free job board, and events and resources to help members learn new skills to grow their careers. TechLadies’ more than 150,000 members receive access to a private online community, weekly webinars and a library of on-demand webinars, goal-setting challenges to stay motivated, and member-only online events. In 2022, Ada’s List joined TechLadies, bringing their nearly 10,000 members over to continue their mission to uplift women in tech.  source

In the fast-paced world of technology, it’s rare for an idea to capture the attention of CIOs and IT leaders universally—but the concept of the “café-like branch” has done just that. This new approach to branch office design and connectivity is rapidly becoming a top priority for organizations that want to balance security, connectivity, and the evolving expectations of their workforce. So, why are so many IT leaders talking about transforming branch offices into environments that resemble coffee shops? To answer this, we need to look at the major shifts reshaping the workplace and the network architectures that support it. The Evolution of the Workplace Since the global pandemic, the workplace has been anything but traditional. Employees experienced the freedom of remote work, logging in from kitchens, living rooms, or even their favorite coffee shops. The flexibility and autonomy of this model became a major driver of employee satisfaction. When the push to return to the office began, many employees were reluctant. Why? Because traditional office environments no longer aligned with their expectations for productive and enjoyable workspaces. This shift in employee sentiment has presented a challenge for CIOs. How do you fuse the security and productivity of traditional corporate offices with the autonomy and accessibility of a coffee shop environment? Café-like branches are the solution. These environments offer the best of both worlds: the flexibility of a workspace that feels familiar and dynamic, combined with robust security that ensures critical business processes remain protected. The Foundation of the Café-Like Branch: Zero-Trust Architecture At the heart of the café-like branch is a technological evolution that’s been years in the making—zero-trust security architecture. Unlike legacy systems that rely on implicit trust to connect employees and devices to the network, zero trust ensures that no device or user is trusted by default, regardless of whether they’re in the office, at home, or working from a remote satellite office. It’s like putting users on a guest network. During the pandemic, companies that leveraged zero trust not only transitioned to remote work more efficiently but also laid the groundwork for new connective models. By decoupling physical locations from traditional office networks—such as those reliant on firewalls or virtual private networks (VPNs)—organizations gained an opportunity to adopt more agile configurations like café-like branches. However, companies still on legacy systems like VPNs faced significant roadblocks. VPNs inherently expose more of the network than necessary and struggle to scale effectively for remote access. Zero trust eliminates these issues, allowing every branch or employee to serve as an independent entity while enabling secure access only to the specific resources each person or device requires. From MPLS Networks to the Cloud-First Era Beyond security, the café-like branch also addresses another critical challenge: legacy connectivity models. For years, organizations relied on Multiprotocol Label Switching (MPLS) to connect branch locations to data centers. While this approach worked well when applications and data were centralized, it became increasingly inefficient as workloads shifted to the cloud. Backhauling traffic from remote locations to a central hub only to redirect it to the cloud made no sense in terms of cost or performance. SD-WAN emerged as a solution to this inefficiency, enabling direct connections from branch offices to the cloud without the high costs of MPLS. But SD-WAN created a new problem: security. Implicit trust within these networks opened doors for cyberattacks and lateral threat movements, leaving organizations scrambling to retrofit security measures. This is where zero trust—integrated into the café-like branch—shines. By shifting trust models from network-based to identity-based access, businesses can enjoy the same direct cloud connectivity without compromising their defenses. What is a “Café-Like Branch”? The café-like branch takes this a step further. Instead of treating branch offices, factories, and warehouses as extensions of the corporate network, why not make them more like independent coffee shops or islands? With the café-like model: Branch offices connect directly to zero-trust exchanges using any Wi-Fi, broadband, or 5G connection. This eliminates the need to extend the corporate network to every remote site. The attack surface is minimized. Branch locations essentially become invisible to bad actors, reducing susceptibility to ransomware and other threats. Lateral threat movement is mitigated, preventing malicious access from propagating between sites. The result is a network that’s not only seamless but inherently more resilient. Securing IoT in the Café-Like Branch But zero trust doesn’t stop at standard employee devices like laptops and smartphones. Today’s offices host millions of Internet of Things (IoT) devices, from smart thermostats to connected printers. Unfortunately, these devices often lack enterprise-grade security and were never designed with sophisticated threat landscapes in mind. Using zero-trust device segmentation, businesses can now classify and isolate IoT devices into their own “network of one,” significantly reducing the risk of an IoT breach compromising crucial assets or customer data. Traditional micro-segmentation strategies have been costly and time-consuming, but modern zero-trust technologies offer a scalable, agentless approach that secures all endpoints without the downtime or complexity of older models. CIOs Are Embracing the Future In today’s landscape of constant threats and evolving work expectations, the importance of the café-like branch cannot be overstated. It provides the perfect framework for CIOs to deliver what their organizations demand: flexibility, security, and high performance. By adopting this model, companies are not just keeping pace with change—they’re leading it. As the café-like branch continues gaining traction, it’s clear that this model is redefining what it means to work securely and remotely. CIOs who invest in this approach will do more than modernize their networks. They’ll provide their companies with a strategic advantage—and create workplaces where employees choose to thrive. Welcome to the future of work. The Zero Trust Branch helps eliminate all the challenges that legacy architecture leaves behind. Find out how Zscaler does just that in this video. source

“Without integration, AI agents are starved of contextual data that they need in order to act,” Hinchcliffe explained, adding that rivals are likely to respond by improving their own integrations, but Salesforce’s strength and deep bench in business logic, integration, and process automation will be difficult to match quickly. Other updates, such as making features, such as the Topic Center, MuleSoft integrations, Tableau Semantics, and Slack integrations, generally available are expected to help enterprises cut down on the time and complexity of building a new custom agent, integrating it into a workflow, improving agent responses, and deploying them on Slack. Wooing developers to increase agent adoption As part of Agentforce 2dx, Salesforce has introduced a series of updates that are aimed at wooing developers by giving them more control to build, test, and deploy agents. source

Hi everybody. Welcome to Global Tech Tales, the show where we talk with editors from around the world about the latest technology and leadership topics to find out what buyers want. I’m Keith Shaw co hosting along with Matt Egan, the global content and editorial director at Foundry, who also is representing the UK on this global podcast. And joining us on this episode is Andrea Benito. She is the editor of CIO Middle East for Foundry.Welcome everybody. Hello, hello, thank you. You know the episode that we’re going to talk about today is managing risk in an AI world. So we’re going to talk a lot about security, but also talk about risk. And when we start the show, we talk about some statistics. And so from our friends at IDC, from their worldwide responsible AI survey, they said more than 30% of respondents have noted that the lack of governance and risk management solutions was their top barrier to adopting and scaling AI. More than 75% of those who use responsible AI solutions reported improvements in data privacy, customer experience, confident business decisions, brand reputation and trust and organizations are increasing their investments in AI and machine learning governance tool, 35% of AI organizations spend in 2024 was allocated towards governance tools, and 32% was to professional services. However, another survey by PwC showed that while 73% of executives said they currently plan or plan to use generative AI in their organizations. Only 58% of them have completed a preliminary assessment of AI risks in their organization. So as we think about these statistics, I want to hear what people are talking about around the world, some of from from the IT leader perspective. So you know, what are some of the risks that they are discovering that need to be managed? So Andrea, why don’t we start with you? You know, what are you hearing in your side of the world?It depends who you ask. If you are talking to a CIO or you are talking to a CISO, because AI, for example, is an open door for CIOs as a great opportunity, but it’s also a back door for hackers and more sophisticated attacks. So what I hear is that CISOs need to be proactive, and of course, they can modernize cyber security measures and AI driven risk management strategy and are becoming more integral across industry, but evolving trends are also emerging due to AI so CSOs, they see a great potential, but because of all the volume of data that is being generated on all the new attacks that are coming through, AI is this a false alarm? Because of the vast volumes of data like they need to find the difference between true threats and false alarms. I can say that, for example, in the UAE, where I’m based, there is a proactive approach to AI. We have a national artificial intelligence strategy for 2031and we have seen a huge increase in the use of AI, especially specialty in the healthcare sector, but also in oil and gas, where they are integrating AI for predictive maintenance and logistics. That’s one of the, you know, huge sectors across the Gulf region, oil and gas.Yeah, but as I say, great opportunity for CIOs, but a back door for more sophisticated and new attacks. So CISOs, they see AI as a kind of a threat, and they fear the impact of having AI everywhere. I mean everything, okay.And Matt, you know, I wanted to ask you about some of the different areas of risk. Do you think that data privacy is the is the biggest issue, or is it some other areas where some potential risks could be jumping in, whether it’s, you know, generative AI that could create a vulnerability or or things like that, or, you know, the risk of putting AI into a company’s existing products, you know, or is data privacy like the big, the big chunk?I mean, it’s certainly one of the biggest, if not the biggest. It’s really interesting actually listening to Andrea, from her perspective, and Keith, you and I, you know, I’m in the UK, we’re both very focused on the US market. All IT leaders. Literally every single one tells us that they are either scoping, trialing or implementing AI projects. And in our own recent research, our AI priority study, 98% of IT decision makers say they see challenges with AI deployments, and a big part of that is, is, to your point, is the unknowns, right? AI is a very powerful thing. It can exponentially accelerate good outcomes, which means and Andrea touched on this like it can accelerate bad outcomes too.And in the same piece of research, and certainly in anecdotal conversations, you have, 96% of decision makers IT leaders say they have difficulty addressing the ethical implications when implementing AI technologies, 44% to your point, Keith, specifically say they have concerns over data privacy. And a really interesting stat, I think, is that 30% of surveyed, IT decision makers say they believe that organizations are moving too fast, specifically with generative AI, none of these things are directly about managing risk, but it’s all related, right? There are unknowns. AI is an accelerator. IT leaders. Andrea spoke about this. The CIOs, they’re kind of under pressure to to go and play in this space and and find out, like, how success can be achieved. And you touched on this. Keith, like, I think data privacy is a big part of this, but I think we can break down the risks into two different approaches.One is the use of AI in existing internal processes and operations, and the other is the building of AI into products and services that are going externally. And they do offer two different, completely different types of challenges. On one hand, on the internal side, you have to manage the risks of things going badly wrong, and that

Vault Panda and Envoy Panda are two groups that target government entities, but whereas Vault Panda is broad in its targeting, also going after financial services, gambling, technology, academic, and defense organizations, Envoy Panda seems focused on diplomatic entities, especially from Africa and the Middle East. Vault Panda has used many malware families shared by Chinese threat actors, including KEYPLUG, Winnti, Melofee, HelloBot, and ShadowPad. The group regularly exploits vulnerabilities in public-facing web applications to gain initial access. Meanwhile Envoy Panda is known for its use of Turian, PlugX, and Smanager. PlugX, aka Korplug, is one of the oldest remote access trojans used by China-linked cyberespionage groups, with original versions dating back to 2008. Another commonly shared resource between Chinese threat groups are so-called ORB (Operational Relay Box) networks that consist of thousands of compromised IoT devices and virtual private servers that are used to route traffic and conceal espionage operations. These networks are similar to botnets, but are primarily used as proxies, and are often administered by independent contractors that are based in China. They complicate attribution due to the often short-lived nature of the IP addresses of the nodes being used. source

00:00 Hi everybody, welcome to DEMO, the show where companies come in and show us their latest products and services. Today, I’m joined by Dorit Silbershot, Vice President of Product Management for AI at ServiceNow. Welcome to the show, Dorit. 00:10Thank you for having me, Keith. 00:12ServiceNow is a pretty well-known company, right? You’re a big player in the IT service management space, correct? What are you here to show us today? 00:19All of our customers — and really, companies in general — care a lot about productivity. A recent IDC report showed that IT spending is actually three times more than the U.S. GDP this year. So we know everyone is focused on productivity and making sure they get the best ROI from their investments in the ServiceNow platform. I’m here to show you our Xanadu release, which came out in September. We’re very excited about this — it’s our biggest AI release ever in the history of ServiceNow. I’m going to show you how, with generative AI and the integration of all these capabilities into our platform, our customers can see significant productivity gains. 01:05Within a large enterprise, who are these products primarily geared toward? 01:11That’s interesting because the answer is: everyone. Whether you’re a support agent, a support manager, a knowledge manager, or an administrator of the service, everyone in the enterprise benefits from these capabilities. 01:27What specific problems are you solving? You must be addressing a lot of different challenges, but with this new release, what’s at the top of that list? 01:36Today, I’m going to show you how we streamline service delivery across both IT service and customer support. I’ll also show how we help support agents and employees have a much better experience. 01:50Without this, what would companies be doing? I’m guessing they’d be struggling a bit, right? 01:54They would definitely be struggling — lots of suffering. They’d also be spending significantly more time working on these issues. 01:59The goal here is to optimize their time and make companies more productive. I saw some of this before the show — there’s some really cool stuff here. Let’s jump right into the demo. 02:09Perfect. I’ll start by showing you the support agent workspace. This is where an agent works on a case. In this example, you can see some back and forth between Amy, who opened the ticket, and John. Now John needs to update Amy, and he needs to write an email. But in the era of generative AI, why should John spend time writing emails manually? He can just ask Now Assist to generate the email for him. Now Assist can look at all prior communications and all related knowledge articles in the system. It drafts the email for him, ensuring the actions John wants from Amy are well documented. This isn’t just a time saver — it makes John a better support agent. 03:05It’s pulling data from previous tickets and the knowledge base? 03:10Exactly. It generates a thorough email with all the relevant information, streamlining communication between the agent and the customer or employee. I can then send the email immediately. This is just one Now Assist capability that we shipped as part of Xanadu. But we wanted to go even further — we wanted to let customers build their own generative AI capabilities tailored to their specific needs. That’s why we’re introducing the Now Assist Skill Kit. With a simple prompt, customers can build these skills within ServiceNow. For example, after sending an email, maybe I want a quick summary of it. That’s not something we ship out of the box, but as a ServiceNow customer, I can easily create that with a prompt. I can evaluate it, turn it on in the UI, and now the email summary button appears. With one click, I get a full summary of all the emails in the case. If I’m new to the ticket or want to know what’s happened previously with Amy, I just click a button, and all the information is right there. Amazing, right? We also wanted to support managers, so if I’m an IT service manager wanting to understand team performance, I have this dashboard showing active incidents. But what if I want to see my team’s KPIs today? Currently, I’d have to work with a ServiceNow admin to create a custom data visualization, but not anymore. In the latest release, we democratized data access. Now, I can create my own visualizations using simple English commands like “Show me incidents by channel as a pie chart.” The system understands and generates the visualization instantly. 06:00That’s great. 06:03We’ve also taken it to the next level by introducing AI Agents in Xanadu. AI Agents go beyond generative AI skills — they can autonomously perform work. They think, make decisions, and act on behalf of users. We’re starting with support agents. Let me show you a real-life story (with names changed, of course). One of our customers handles a lot of requests around gift cards — extending them, replacing them, etc. Right now, this process requires the agent to search through multiple knowledge articles and figure out what the customer is entitled to. This takes anywhere from two hours to two days. With AI Agents, that changes. Here’s an example: Matt submits an email request to get a refund for an expired prepaid card. Beth, the agent, receives the request. Previously, Beth would have to dig through knowledge articles and figure everything out herself. Now, when she opens the case, a notification tells her that Now Assist knows how to solve the issue. She can view the plan in the Now Assist panel, which lays out all the steps. Beth can challenge the AI Agent if needed — she might ask, “How will you validate if the card can be replaced?” Since explainability and building trust are critical in the enterprise, the AI Agent explains exactly how it made the decision and how it plans to validate the case. Once Beth feels