A question I often get is “what certification or knowledge should I pursue to get me a better job?”. Or variants such as “which cert is going to get me employed?”. Here is my opinion on it. Certificates only bring you so far. Most companies aren’t looking for people with knowledge. They are looking for the results that the knowledge brings, such as improved processes, new revenue, etcetera. Today’s major innovations are in using generative AI. ...
(sent nov 11. How to make AI work for you) By now, you probably had your first encounters with AI. What did you run into? Would love to know about that. While I am currently on a sabbatical, these things are top of mind for me. For me, I am focussing on two AI directions. Given my background in cloud security, I cannot help but think about AI security and governance. ...
Applications based on LLMs (Large Language Models) have risks too. The OWASP Top 10 for LLM Applications risks are a good start for analyzing the risks of such a system. These types of applications, like many others, are also cloud applications. This means that there is a variety of parties responsible for controlling those risks. But, who is supposed to do each control? And which role do they have? For example, there are model providers, there is the AI consumer, and so on. For a deeper story on these roles look at AI roles. ...
Typical mistake. Manage your IT by reviewing all the tech and trying to figure out how to make sure it works, so that it can deliver value. That is the wrong sequence, you likely to overlook the important bits. You can’t manage your IT without looking at resource conflicts. Most IT systems act as some kind of digital infrastructure to its users, meaning that it has shared resources. This sharing drives the benefits, for example by reducing cost or exchanging information. ...
Many in the IT profession confuse risk treatment with risk management. Risk treatment is the process of reviewing a relevant risk and finding out what to do about it: mitigate, accept, or whatever it is you deem appropriate. If you look closely, there is so much risk in IT. Every individual device, every configuration setting (MS-Teams has over 2000 of them), every line of code, is potentially a risk. That is a lot of risk. ...
to publish 22 dec ; nr 3. In a previous message I wrote about the differences between risk treatment and risk management. These are typically different activities, carried out by different parts of the organization. But here is what often goes wrong with these activities. If you understand the difference, you might be able to do something about it. Risk management starts at the top as a paper policy and then gets translated into more and more paper. This process gets stuck when the higher layers in the organization don’t understand when their bureaucratic system can actually be translated into real tech. ...
AR nr 4 dec 2025. 23 dec IT has not much value of itself, but it is a tool to create value elsewhere. Often IT is about controlling a process better. With more information about, for example, prospective customers, you can make them better offers. With more information about the temperatures of your house, you can heat or cool it more efficiently. With more information about stock, you can run better logistics. ...
AR nr 5 dec 2025. 29 dec Subject: Velocity: the key to realizing value with IT Many companies struggle to realize the value that they think should be realized with their IT. Especially when they have multiple related projects going on, and a substantial set of applications. What is often missing is velocity. Velocity is not just speed, it is speed with a direction. Velocity is important, because when IT features become available sooner, two things happen. ...
AR nr 6 dec. 30 dec. AI is dangerous. Really dangerous. People project all kinds of human intelligence to it. But it is only a simulation of humans. Yes it is right a lot of the time. But unchecked its disasters can be colossal. Uncanny valley. AI is dangerous for the same reason large infrastructures are dangerous when misunderstood. I have collected the best parts of my years of consulting experience on real projects into my book Digital Power: How Digital Infrastructures at Scale lead to Value, Power, and Risk. ...