The EPAM Continuum Podcast Network

The cloud creates “cloud cowboys,” says Yinon Costica, VP of Product and Co-Founder of Wiz. This creates, as you might imagine, security issues. “Cloud allows people to really own their stuff end-to-end. They can basically create whatever they want,” says Costica. But he says that security professionals need to ensure that the cowboys can “govern their environments in a way that is secured while they continue to build.” These issues set the theme for this #CyberesecurityByDesign conversation between Costica, Sam Rehman, EPAM’s Chief Information Security Officer and SVP, and Aviv Srour, our Head of Cyber Innovation. Rehman notes that the frequency of change in cloud is “great for software engineering,” but adds: “It also makes it very, very difficult for you to actually find your baseline, your footing,” regarding security. One of the most useful things we learn in this episode is how cloud might help spread the responsibility for security. In the past, security was solely the problem of the security team but with cloud and its self-serve nature, Costica says: “Security now should be democratized to those who are actually managing the environments, running the resources, have the right context.” As a group, the guys talk about the differences between on-prem and cloud security, the role of visibility plays in cloud, the pragmatism cloud brings to security, and more. Understanding the manifold nature of cloud is critical, and it will require a lot more education than many organizations realize. Says Rehman: “If you don't have a good understanding of what your cloud looks like, which is majority of people out there, then you still have a huge problem.” Be part of the solution: Listen. Host: Kenji Ross Engineer: Kyp Pilalas Producer: Ken Gordon

When it comes to financial literacy, many banks and financial institutions claim it’s something they actively prioritize for their customers. In reality, this often tends to be lip service. “Banks like to think they’re doing something in this space….They’ll write a long blog that will sit in a resource page on their website. But if you look at the analytics behind those pages, generally they have very few views. They’re not teaching anything to anyone, and this content is just not visible.” This is the claim of Alex Jimenez, EPAM’s Managing Principal of Financial Services Consulting, as he and Theodora Lau, Founder of Unconventional Ventures, discuss the shortcomings of retail banks when it comes to providing customers with financial literacy and guidance. “What is their [the bank’s] intention for putting this information out there? Is it just to check a box? Or are they doing it because they genuinely want to help?” asks Lau. If it’s truly the latter, then their efforts are genuinely falling short, especially in this time of unprecedented technological innovation. Worse yet, the one-size-fits-all approach—like an online resource center—fails to address the unique and varied needs of a large swathe of customers. “In the data from a recent survey we conducted, we found that Gen Zers were using physical branches at nearly the same rates as Boomers. It’s because mainly they want to have someone in person to talk to them. And part of that is because we have not done a great job to give young people an understanding of finance,” says Jimenez . To that extent, banks also need to be cognizant of how they’re training their frontline staff to have financial literacy conversations. Jimenez touches on this, saying, “From a banking side, we also don’t tool our customer-facing employees to be able to do some of this. The philosophy has been, ‘Consumers know us as a bank and therefore will come to us because they trust us and that’s when we can give them guidance about managing their money.’” However, this shortsighted approach can actually leave banks vulnerable to their FinTech and big tech competitors, providing an opening for them to take away market share. The good news is, there are plenty of opportunities for banks to close this gap with technology. Jimenez says:, “My credit card gives me an alert every time I make a purchase. I love that. But every once in a while, I want that alert to be more than just an alert saying, ‘You just spent $100 on Amazon.’ Give me some contextual advice specific to that transaction. That’s the sort of thing that we in the industry could do if we had the wherewithal to do it.” Right now, it’s time to familiarize yourself with the full *Silo Busting* conversation. Get clicking! Host: Mo Banjoko Engineer: Kyp Pilalas Producer: Scott MacAllister Executive Producer: Ken Gordon

The era of generative AI needs humans… not just the data sets they create. Now and going forward, companies will need to depend on perceptive, intelligent, creative humans who can evaluate and, when necessary, stand up to the black box output AI throws at them. What kind of traits do such people embody? Where might we find them? What might they teach the rest of us? That’s what this episode of *Silo Busting* is all about. Tariq King, our VP and Head of Product-Service Systems, and Ira Livshits, Senior Data Scientist at EPAM, meet the test-based questions of Producer Ken Gordon with knowledge and aplomb. King, who spent much of his career hiring testers, says he looks for “the way that someone actually approaches solving problems and thinking perhaps in a different way or from a different perspective.” Livshits notes that with testing in generative AI, “sometimes there is no right or wrong” and that a tester will “have to act or decide based on his or her understanding of the field and maybe intuition.” In short, she says, testing has become much less of a black-and-white job. Together King and Livshits create a model conversation. They talk about how explainability fits in here, why musicians and liberal arts people make for good testers, the importance of being able to relate findings to a given audience (“[if] I have a PhD focused on machine learning, probably I can understand certain things in a different way than someone who may not have that degree,” says King), and how generative AI is bringing the role of testing closer to the fore. Go on, give it a test-listen. Host: Alison Kotin Engineer: Kyp Pilalas Producer: Ken Gordon

When it comes to empowering women—truly empowering them—The Estée Lauder Companies is doing something different. We know this because Michael Smith, CIO of ELC, recently dropped by *The Resonance Test* to talk about the extensive success they’ve had in this area. In a conversation with Regina Viadro, EPAM’s VP and Co-Head of North American Business, and *Resonance Test* Producer Ken Gordon, Smith details how his organization promotes women’s leadership and diversity within the company and in the broader community. When your company serves people, whether colleagues or consumers, Smith says: “Your organization should reflect that and be representative of the people you serve.” One way they do this is through their Open Doors program which is, in Smith’s words, “a learning community. It's a movement that develops talent and it's focused on building culture.” The program features a weeklong leadership intensive, a year of coaching support, and access to an online interactive learning community. It's an impressive approach to creating a talent ecosystem, and the effects of the Open Doors initiatives are undeniable. • Nearly 90% of the intensive participants are still with the company. • 52% have been promoted. • 100% of the Open Doors participants self-report, Smith says, “an increase in their growth mindset.” When it comes to women in tech, ELC is doing well. “The tech industry is at 28% women. We're sitting today at 34%,” Smith says. “I'm not satisfied with that number. We know that we can do better.” Smith notes that his organization is interested in professional development at every layer. “We've doubled and tripled our internship program over the last few years, and we have a strong focus on recruiting women,” he says, adding: “We're seeing great success in people continuing to be promoted, continuing to grow into new roles.” Speaking of growth: ELC has a wonderful dual career path initiative in place. “In a traditional organization, people hit that manager level and the only way they can continue to grow is to get bigger jobs,” he notes that his organization has another, attractive option: “They don't want to lead large teams, they want to be experts and make an impact with their subject matter expertise.” (We know all about such a path!) Finally, Smith talks about The Tech Day of Pink, an initiative with a great mission: aiming to end breast cancer within our lifetime. All in all, it’s a fine, instructional conversation. Open your mind by listening to the stories of all the doors ELC has opened. Host: Alison Kotin Engineer: Kyp Pilalas Producer: Ken Gordon

The reason we don’t think of insurance as an industry on the cutting edge of technological innovation is that, well, it’s *not.* Not today anyway. Nonetheless, insurance’s brightest thinkers know a change is overdue and are making the transformation to digital a reality. Doing so involves the incorporation of robust data and analytics programs, and that’s precisely what we’re talking about on this episode of *The Resonance Test.* Lynn Rivenburgh, VP of Business Consulting at EPAM, joins Harini Wilkinson, SVP & Head of Data & Analytics for Protector Plans, a subsidiary of Brown & Brown Insurance, and Sirat Chhabra, our Director of Insurance Data & Analytics Consulting, for an appraisal of the role data and analytics currently (and ideally should play) in the insurance business. Wilkinson says that more and more insurance companies are investing in “data analytics strategies, in the road map to really use this to move forward.” She adds that the industry as a whole has been talking about the topic for some time but that the pandemic really escalated the need to act. “We're seeing that data analytics and becoming an insight-driven organization has been one of the top three priorities for our clients,” says Chhabra. Chhabra details the saga of becoming a data analytics-driven organization in three stages: data collection, data preparation, and product creation for data analysis. And, of course, clients are all at different stages of data maturity. “In my current organization, where we're at the beginning, we've never really used data to drive our business forward,” says Wilkinson. They are at “the beginning stages of really understanding what data is there and how do we structure it in a way that we can use it.” Our three insurance-minded speakers get into the issues of data governance (a little silo-busting, please!), legacy systems, and the nuances of measuring success. If you’re thinking about insurance, this conversation will certainly carry your interest! Host: Alison Kotin Engineer: Kyp Pilalas Producer: Ken Gordon

If a bank releases a new digital product, but it’s not intuitive enough to resonate with customers, does it make a noise? When a bank undergoes a major digital transformation, what steps can they take to help ensure the experience they’ve painstakingly crafted resonates with customers and makes the right kind of noise in the marketplace? These are the sorts of questions Alex Jimenez, EPAM’s Managing Principal of Financial Services Consulting, is asking of John Findlay, CEO of LemonadeLXP, in this #TakeItToTheBank conversation. For many years now, Findlay and LemonadeLXP have introduced gamification to the onboarding process to improve the adoption rates of new digital products as banks roll these experiences out to their customers. “Inherently, we all want to believe we build software that’s intuitive, that people will easily understand and get up to speed on quickly,” says Findlay. “I think that optimism is born out of seeing amazing products like the iPhone and the iPad, but what’s forgotten is Apple had trillions to invest in UX.” So how can banks make customers feel comfortable with their new tech following a major digital transformation? Findlay says: “The best way to drive adoption is through your frontline. But what we’ve learned is that at about 70% of financial institutions, staff don’t bank with their employer. So, if they don’t bank with you, they don’t use your tech and if they don’t use your tech, there’s no way they can have customer conversations about it.” Given the current state of the global economy, providing customers with a satisfying digital experience is more important than ever. “We want to keep [customers] happy,” Jimenez says, “And not just customers but employees…because at the end of the day… if you’re not supporting people, there’s no point in putting more technology out there.” Findlay agrees. After all, it’s people who are the drivers of ROI when it comes to tech investments. And when customers embrace a bank’s tech and transition away from branch use to these digital transactions, the banks stand to see a major reduction in the costs of processing those transactions. But the responsibility for effective digital transformation shouldn’t fall solely on frontline employees. Leaders within the organization need to be the driving force behind adoption. And that’s where gamification can have a major impact on motivating leaders to embrace and model the use of new digital products. Jimenez says, “Gamification can take someone [in leadership] who’s not interested in the topic, who doesn’t see it as impactful to their job because they’re the head of mortgage, for instance, and then suddenly they’re a champion of the system and really understand how it works.” That kind of top-down embracing of a product, a piece of software or a particular user experience can greatly drive literacy throughout the organization. And that literacy has a direct impact on the bottom line. Findlay explains this notion through the lens of an agent in the contact center. Improved literacy means that agent is better equipped to walk customers through transactions, shortening talk time, improving the customer experience, and ultimately making the agent experience much less stressful (which can limit employee attrition). Right now, it’s time to familiarize yourself with the full Silo Busting conversation. Get clicking! Host: Mo Banjoko Engineer: Kyp Pilalas Producer: Scott MacAllister Executive Producer: Ken Gordon

On the latest #CybersecurityByDesign conversation, we’ve got our minds set on… hacking. Bruce Schneier, author of the recently published *A Hacker’s Mind: How the Powerful Bend Society’s Rules and How to Bend Them Back Again,* chats with Sam Rehman, EPAM’s Chief Information Security Officer and SVP, about the hacking mindset and what it means for security in the age of generative AI. Schneier gets the conversation rolling by defining a hacker as “Someone who finds a bug or vulnerability, a loophole in a set of rules, and exploits it to their advantage.” He talks about hacking not just computers but tax systems, hockey, tax codes, and Formula 1 racing. Rehman mentions that he appreciated a couple of Schneider’s examples and Schneier replies: “There are a couple? There are dozens of examples! Examples are what makes the book fun!” (Reader: The book is fun indeed.) Schneier notes that “hacking isn't necessarily good nor bad,” which might surprise some who live outside the perimeter of the cybersecurity world. “Hacking is how systems evolve. If I figure a clever way to use a system, to subvert a system that no one thought of before, there are benefits as well as costs.” The guys then get into the inevitable topic of 2023: The costs and benefits of hacking in the context of AI. “I think it's gonna be a big arms race in AI and security,” says Schneier, adding that in the near term, AI will benefit the defender. “The attacker is already attacking at computer speeds. Being able to defend at computer speeds will be an enormous benefit.” While he’s generally optimistic that AI will be good for the good guys, Schneier says “The transition period will be very chaotic.” This chaos will come from the idea of AI has a hacker. He points to the idea of accountants—human ones—poring through tax code looking for loopholes to exploit: “That feels like something that you can train an AI to do,” he says. “And what happens when AI finds vulnerabilities in tax codes or financial regulations or other sets of laws? How will that work? How fast will they be? How clever will they be? Will they find things that are just so complicated that humans would never have found them?” Schneier says that AI will increase the speed, scale, sophistication, and scope of hacking and wonders if these differences in degree will make a difference in kind. Then he answers: “The advances in AI in the past six months have been enormous. The next six months will be even bigger. Conversations we have today aren't going to be true in six months.” What won’t change, however, is the hacker’s essential mind, which Reman admits has always been part of him: “I have always looked at everything as: ‘What else can I do with this?’” “That’s totally the hacker mindset,” replies Schneier. “I don't think you can train that. I think that is something you either are or are not.” Host: Macy Donaway Engineer: Kyp Pilalas Producer: Ken Gordon

When it comes to artificial intelligence, how responsible is the financial services industry? How responsible must it be? And how what steps should it take to get there? These are the sort of questions Alex Jimenez, EPAM’s Managing Principal of Financial Services Consulting, is asking of Kathryn “Kate” Hughes, our Director of LegalTech and ERM Business Consulting, in this #TakeItToTheBank conversation. Hughes says that many financial firms have long invested in AI and they’re “starting to see a level of incremental benefit from AI.” She mentions a tool called ChatGPT—you might have heard about it—and says that people have been looking for a “sweet spot of a scenario or a use case” and that ChatGPT “hit it out of the park.” Jimenez notes that while it’s good to invest in AI, it’s important to view it realistically. “ChatGPT is not built to be to be replacing a call center,” he says. “It's not built to replace the advice from your licensed advisor or from your banker or from your accountant.” The pair have both tested ChatGPT, and quickly found some limits. Jimenez recently asked it about himself. “It invented a whole biography, he says. “It talked about my life and how I lived in San Francisco and how I did all these things, which are not real. And then when I asked for the sources, the sources were made-up as well.” Hughes recently asked the AI about her pension. “It gave me a really good overview of the United States pension system but did not in any way actually answer my question.” Hughes wisely argues for a measured approach to AI. “I think we have to be *adults* when engaging this technology,” she says. “One of the finest ways to engage AI is to think about it as a co-collaborator… rather than think of it as some, you know, alien other, and to sort of bring it into the mix.” Risk is, obviously, a big issue here. “Banks need to start thinking about how they manage the risks around AI,” says Jimenez, and he warns against the danger of “digital redlining,” which is when “the data that we're using is biased and now the decisions that the AI is doing are biased as well.” Hughes speaks about the guidelines proposed by the Wolfsberg Group and the proposed legislation for the EU harmonization of AI regulation, which call for things like ensuring that there is a legitimate purpose, making sure that there is accountability and oversight, openness and transparency built in. Guidelines are great but the big question remains: How to move FS toward AI responsibility? Hughes says there are two paths. The first involves insuring “that the organization has its own governance and policy, brand reputation and ethic.” The second path involves education. Hughes recommends reading about the proposal for harmonized rules for AI across the EU, the Algorithmic Accountability Act, and the AI Bill of Rights and notes organizations should start familiarizing themselves “with the actual content of these proposed legislative items.” Right now, it’s time to familiarize yourself with the full *Silo Busting* conversation. Get clicking! Host: Alison Kotin Engineer: Kyp Pilalas Producer: Ken Gordon

Not *soccer* teams: SOC teams. When we say SOC, we’re talking, of course, about the Security Operation Center, a group charged with monitoring, detecting, preventing, and responding to cybert threats. In this #CybersecurityByDesign conversation Michael Mumcuoglu, CEO and Founder of CardinalOps, Sam Rehman, EPAM’s Chief Information Security Officer and SVP, and Aviv Srour, our Head of Cyber Innovation, illustrate the term with vivid examples and relevant, up-to-the-minute details. The big challenge is the ever-increasing complexity of our digital systems. “The rate of tech adoption in the business and the evolving threat landscape are basically outpacing the SOC,” says Mumcuoglu. He says that SOC teams are involved in “a constant chase trying to catch up with all that change.” Education is a constant for the SOC team. “With every new tool and with every new technology, that team needs to have now subject matter experts in really have a huge range of technologies,” Mumcuoglu says. Part of the issue involves rules. “I have seen many incidents which could have been easily prevented with the proper rules,” says Srour. The three cyber experts talk about collecting logs, blind spots, staying up-to-date and handling the burden of false positives. Rehman says that for most CISOs, “the abundance of white noise” would not just cause a capacity problem, but would “numb the system down, meaning your teams would now no longer have the right awareness of what is really an anomaly, what is really odd, what is really something that requires investigation. That abundance of white noise actually would kill your system.” In other words: SOC today is anything but a game. It’s serious business. Learn what it takes to train your team from some veteran players. Host: Alison Kotin Engineer: Kyp Pilalas Producer: Ken Gordon

There's value—business value—lodged in the cloud! But to begin releasing this value, a shift in mindset is required. Organizations need to understand that cloud isn't just for IT people but for business leaders seeking to create an adaptive organization and apply the idea of composable business. Cloud is essential for creating composable business, and all it promises. In this *Silo Busting* conversation, Eli Feldman, EPAM's CTO of Advanced Technology, says: "Cloud service providers are API providers and this is fundamental in understanding... new ways of working." He talks about how cloud can help business "evolve its capabilities very rapidly, repackage them constantly to meet customer demand and IT technology." Feldman says the cloud can enable a wide variety of services and endpoints through APIs that can integrate within an overall business platform capability. His conversational partner Miha Kralj, EPAM’s VP of Cloud Strategy, notes that cloud can give the "illusion of global omnipresence," in which business "can reach to every corner of the world, not just because cloud is everywhere, but also reach of the internet and also digital savviness of all of the modern consumers that are out there." Listen as these two experts talk about how the new cloudiness is changing the craft of modern engineering and introducing change management challenges to leadership everywhere (say Kralj: "The cheese is moving again, right?"). You don't want to just move to the cloud; you want, as Feldman says, to *become* the cloud. The episode will provide instructions on beginning to do so. Host: Glen Gruber Engineer: Kyp Pilalas Producer: Ken Gordon