The EPAM Continuum Podcast Network EPAM Continuum

Responsible AI isn’t about laying down the law. Creating responsible AI systems and policies is necessarily an iterative, longitudinal endeavor. Doing it right requires constant conversation among people with diverse kinds of expertise, experience and attitudes. Which is exactly what today’s episode of *The Resonance Test* embodies. We bring to the virtual table David Goodis, Partner at INQ Law, and Martin Lopatka, Managing Principal of AI Consulting at EPAM, and ask them to lay down their cards. Turns out, they are holding insights as sharp as diamonds.

This well-balanced pair begins by talking about definitions. Goodis mentions the recent Canadian draft legislation to regulate AI, which asks “What is harm?” because, he says, “What we're trying to do is minimize harm or avoid harm.” The legislation casts harm as physical or psychological harm, damage to a person's property (“Suppose that could include intellectual property,” Goodis says), and any economic loss to a person.

This leads Lopatka to wonder whether there should be “a differentiation in the way that we legislate fully autonomous systems that are just part of automated pipelines.” What happens, he wonders, when there is an inherently symbiotic system between AI and humans, where “the design is intended to augment human reasoning or activities in any way”?

Goodis is comforted when a human is looped in and isn’t merely saying: “Hey, AI system, go ahead and make that decision about David, can he get the bank loan, yes or no?”

This nudges Lopatka to respond: “The inverse is, I would say, true for myself. I feel like putting a human in the loop can often be a way to shunt off responsibility for inherent choices that are made in the way that AI systems are designed.” He wonders if more scrutiny is needed in designing the systems that present results to human decision-makers.

We also need to examine how those systems operate, says Goodis, pointing out that while an AI system might not be “really making the decision,” it might be “*steering* that decision or influencing that decision in a way that maybe we're not comfortable with.”

This episode will prepare you to think about informed consent (“It's impossible to expect that people have actually even read, let alone *comprehended,* the terms of services that they are supposedly accepting,” says Lopatka), the role of corporate oversight, the need to educate users about risk, and the shared obligation involved in building responsible AI.

One fascinating exchange centered on the topic of autonomy, toward which Lopatka suggests that a user might have mixed feelings. “Maybe I will object to one use [of personal data] but not another and subscribe to the value proposition that by allowing an organization to process my data in a particular way, there is an upside for me in terms of things like personalized services or efficiency gains for myself. But I may have a conscientious objection to [other] things.”

To which Goodis reasonably asks: “I like your idea, but how do you implement that?”

There is no final answer, obviously, but at one point, Goodis suggests a reasonable starting point: “Maybe it is a combination of consent versus ensuring organizations act in an ethical manner.”
This is a conversation for everyone to hear. So listen, and join Goodis and Lopatka in this important dialogue.

Host: Alison Kotin
Engineer: Kyp Pilalas
Producer: Ken Gordon

Can today’s companies afford to be luddites?

This is one of the big questions that Elaina Shekhter, EPAM’s Chief Marketing & Strategy Officer and SVP, puts to today’s *Resonance Test* guest, Rowan Curran, Senior Analyst at Forrester.

In the case of generative AI, both answer: No. Why? Shekhter notes that whatever your competitive edge in 2022, today everyone is encountering a different mode of operations. The positioning around the success or failure of your AI efforts must be “accelerating along the vector of AI, because the opportunity to get away from the competition, faster, is much greater now than it ever has been.”

In a lively and informed session of back-and-forth, they parse what is real and what is a hallucination in GenAI *at this moment.*

Curran says that lately there has been an “ebullient explosion” of work on tools and approaches to manage system outputs. “Are we there yet in terms of having these be optimized architectures and things like that? Absolutely not. But is there tons of work being done there or are we approaching reasonable solutions to those problems? Yes, absolutely.”

What should companies be doing to ensure they're ready to benefit and succeed with AI?

“Right now, everybody's building the gen one of enterprise generative AI applications,” says Curran, and this will make them ubiquitous. But if your organization fails to adopt them, he adds: “You are going to be falling behind everybody else who is actually building with this stuff today.”

Listen closely and learn what will the currency of the future be, the commercial and economic models of successful GenAI, the nature of productivity gains: “Somebody saving 30 minutes per day who makes $60K a year is going to have a very different economic impact on the company versus somebody who makes $200K a year and saves 30 minutes per day,” Curran says. They also discuss how this new tech will transform the shape of work and what companies will be focusing on this year: “2023 is the year of excitement and experimentation, and 2024 is the year of optimization and efficiency,” says Curran.

Oh… and it might also transform the future of fun! “I do think we could use the new technology to make work more fun for people,” says Shekhter, who sees in the soaring advance of multimodal LLMs an opportunity for people “to develop in an enlightened way.”

Enlighten yourself first. Smash that play button.

Host: Alison Kotin
Engineer: Kyp Pilalas
Producer: Ken Gordon

“There’s been an incident,” is a sentence no one wants to hear… except perhaps people like Ron Konigsberg, Co-Founder and CTO of Gem and our guest on *Silo Busting,* whose business is cloud incident response (IR).

We know what you’re thinking: What makes cloud IR different from all other forms of IR?

Let’s let Konigsberg explain: “The challenge is that the cloud is technically simply different.” If you’re using legacy tools, “you're going to protect probably 20% of the cloud.”

Konigsberg is joined in conversation by Sam Rehman, EPAM’s Chief Information Security Officer and SVP, and the pair are pelted with questions by Aviv Srour, our Head of Cyber Innovation.

Konigsberg says that incident responders need to “adapt from network and agents to services and APIs, and constantly learn about new services and stay up to date and up to speed” with what the bad guys are picking up.

Oh, those bad guys! Regarding attackers, Konigsberg says: “They adopt innovation faster than defenders.” They can do so because they have fewer dependencies “and they care less [than defenders do] about breaking things.”

To illustrate, he asks us to think about migrating to the cloud: Imagine you’re an attacker and you simply never worry about any legacy systems from your previous environments. “They have much more liberty and they move faster.”

“They adopt techniques about new services that each cloud provider is releasing *tomorrow,*” says Konigsberg.

So it is, in some ways, about playing catch-up. CISOs have had to adopt a new mindset and posture. “You can only block so many punches until you have to figure out [that] you need to move around, you need to counter, and so on,” says Rehman.

Rehman adds that CISOs have finally understood the “shared responsibility between you and the cloud provider.” But that’s not the only issue with the cloud. “It's much flatter than what you’re used to on prem,” he says. “Which means a lateral attack is a lot quicker, moving things around a lot easier, and the *simplicity* of people actually moving things around and infecting a large area is substantially higher.”

So how can an organization properly respond to, and learn to prioritize within, the cloud conundrum? One answer, says Rehman, is culture.

“We have to adopt a learning culture in security,” he says. “They’re always gonna be one step ahead of us, but at least we're one step behind, not ten.” Pick up the pace of your learning and listen to the experts speak. Hit play!

Host: Lisa Kocian
Editor: Kyp Pilalas
Producer: Ken Gordon

Sam Rehman—a frequent voice on this podcast network and EPAM’s Chief Information Security Officer and SVP—was in the classroom recently, teaching students, and in the process was “surprised by the density of PII that's in in the system.”

This led Rehman to realize that “at least here in California,” higher education’s investment in cybersecurity is “substantially behind.”

Catching up is a theme of today’s conversation about privacy, education, and artificial intelligence.

Speaking for the (cyber)defense, with Rehman, is today’s guest on *The Resonance Test,* Scott Loughlin, Partner and Global Co-Lead of the Privacy & Cybersecurity Practice at the law firm Hogan Lovells.

“It took a long time to get people to understand that the easiest thing to do is not always the right thing to do to protect the company’s interest and protect the company’s data,” says Loughlin. “And that is an experience that we'll all have with respect to generative AI tools.”

Loughlin and Rehman are put through their conversational paces from questions by Brian Imholte, our Head of Education & Learning Services.

They have much to say about data governance (“Data is not by itself anymore, it's broken up in pieces, combined, massaged, and then pulled out from a model,” says Rehman), data pedigree, the laws—and lack thereof—regarding privacy and generative AI. They also kick around the role that FERPA assumes here. “You’re trying to deploy this old framework against this new technology, which is difficult,” says Loughlin, adding: “There are some key areas of tension that will come up with using generative AI with student data.”

So where might an educational publisher or school begin?

“Focus on your value first,” says Rehman. Do your experiments, but do them in small pieces, he says: "And then within those small pieces, know what you're putting into the model.”

This informative and spirited conversation is even occasionally funny. Loughlin brings up a court case about whether or not a selfie-taking monkey selfie would own the copyright to the photo. “The court said no,” notes Loughlin, adding that US Copyright laws are “designed to protect the authorship of humans, not of monkeys, and in this case not of generative AI tools.”

Download now: It’s sure to generate some new thoughts.

Host: Kenji Ross
Engineer: Kyp Pilalas
Producer: Ken Gordon

Going mobile: It’s going to create vulnerabilities. That’s the way things work with apps. They aren’t just friendly pieces of software that help you beat traffic or bring your favorite tunes into your eardrums… they are opportunities, rich ones, for the bad guys.

Andrew Whaley, the Senior Technical Director (UK) at Promon and our guest on *Silo Busting,* says that with an app, “You have to be able to trust the security model that you've got around it.”

Whaley talks with Sam Rehman, our Chief Information Security Officer and SVP, about how apps operate on a client-server model, but “all the client code is distributed outside of your enterprise.” Some of these users could well be criminals who, once gaining access to that code, could "reverse engineer it and come up with ways to attack that.”

And the code in those apps can be a bit suspect. Whaley says that most apps are made up of 80% open-source software. “You know how many of those app developers go and build that source themselves from source and read over it before they compile?” he asks and then answers: “Probably close to zero.”

Speaking of putting the work in… Rehman talks about calibrating “the level of effort that the attacker would have to go through versus the yield.” The trick is, he says, layering on cybersecurity techniques “so that the yield is not worth it for them.”

Whaley replies that “once you layer obfuscation on, you then have this impenetrable forest” and that the “immediately accessible ways of attacking [an application] are taken off the table.”

Together they chat about supply chain attacks, nonlinear programming, and more. Tune in and be safe(r)!

Host: Glenn Gruber
Editor: Kyp Pilalas
Producer: Ken Gordon

In this special edition of *Silo Busting,* Elaina Shekhter, EPAM’s Chief Marketing & Strategy Officer, interviews Stepan Mitish, VP and Head of Ukraine, about how his role shifted from being a leader navigating war-time crises to a leader embracing the challenges of the business world. Mitish says that the year 2022 was so filled with extreme challenges that he and his team can count it as “three or five years of experience.”

He says the experience truly seasoned his team: “We understood what a great team means, not just in theory.” In hindsight, Mitish says, the experience puts COVID in perspective: “At that time, it was something catastrophical… but now you recall it with a smile on your face."

Mitish talks about how he and his team started preparation for a potential war before it actually took place, creating a very solid business continuity plan (BCP). But if you ask whether he believed it would happen: “I didn't, and even now, for me it's hard to accept how could anybody in the 21st century do what actually was done.”

He tells the harrowing story of how it began very early one morning. Lots of messages pouring in from areas under attack. After that, “It was very loud night and morning,” he says, adding that he was focused on the quiet evacuation of our people to so-called shelters in the western part of Ukraine. Vinnytsia. Lviv. Ivano-Frankivsk. Uzhhorod.

At the beginning of the war, he was orchestrating 15,000 employees but they were working as one. He says that after a week, “I was afraid to start hearing a lot of complaints from our clients about failed delivery, non-delivery in services.” Instead, he received emails from clients “who were praising our teams for working days and nights and even delivering planned releases.”

By the second or third week, everyone understood that Russia could not do a “so-called blitzkrieg in three days” and that it wasn’t “possible to break Ukrainians and to break EPAM in Ukraine.” He says: “Despite all the challenges, all the craziness that was going on,” he and his team continued to deliver. Relentlessly.

“People were doing incredible, heroic things on the ground, but also doing delivery from bomb shelters and various faraway locations where people ended up moving to in order to avoid actually being in the midst of ongoing attacks,” says Shekhter. “From your point of view, why do you think they did it?”

Mitish says it was a combination of two things: (a) “Probably it's part of Ukrainian values or DNA to be very much focused on results”; and (b) “We don't have any other home and we understand that we fight for our lives, for our workplaces, for our families. And if not me, then who's going to do that?”

So where are we now in Ukraine?

“I believe that the worst, worst days are already behind us,” says Mitish who wants to encourage our clients and future clients to support Ukraine and bring more business there. “I strongly believe that once this war is over and Ukraine wins, there will be a huge queue of those companies’ investors… and if you're going to be on the end of the queue, probably it will be much harder to find the best talent for you and your business.”

You’ll want to listen to our resilient colleague tell his amazing story. Do so!

Host: Alison Kotin
Engineer: Kyp Pilalas
Producer: Ken Gordon