If you believe the hype, generative AI has the potential to transform how we work and play with digital technologies.

Today’s eye-popping text-and-image generating classes of AI capture most of the limelight, but this newfangled automation is also coming to software development.

It is too soon to say what impact this emerging class of code-generating AI will have on the digital world. Descriptors ranging from “significant” to “profound” are regularly tossed around.

What we do know: IT must take a more proactive role in supporting software developers as they begin to experiment with these emergent technologies.

Generative AI Could Change the Game

Many generative AI coding tools have come to the fore, but perhaps none possesses more pedigree than Copilot, developed by Microsoft’s GitHub coding project management hub.

A type of virtual assistant, Copilot uses machine learning to recommend the next line of code a programmer might write. Just as OpenAI’s ChatGPT gathers reams of text from large corpuses of Web content, Copilot takes its bits and bytes insights from the large body of software projects stored on GitHub.

Although it’s early days for such tools, developers are excited about Copilot’s potential for enhanced workflows, productivity gained and time saved. Empirical and anecdotal evidence suggests it can shave anywhere between 10% and 55% of time coding, depending on who you listen to.

Today Copilot is targeted at professional programmers who have mastered GitHub and committed countless hours to creating and poring over code. Yet it’s quite possible that Copilot and other tools like it will follow the money and migrate downstream to accommodate so-called citizen developers.

DIY AI, for Non-Coders

Typically sitting in a business function such as sales or marketing, citizen-developers (cit-devs)  are non-professional programmers who use low-code or no-code software to build field service, market and analytics apps through drag-and-drop interfaces rather than via the rigors of traditional hand-coding.

If the low-code/no-code evolution has come to your company, you may have marveled at how this capability freed your staff to focus on other tasks, even as you helped these erstwhile developers color within the governance lines.

Considering their all-around efficacy, self-service, do-it-yourself tools are in-demand: The market for low-code and no-code platforms is poised to top $27 billion market in 2023, according to Gartner.

Now imagine what organizations will pony up for similar tools that harness AI to strap rocket boosters onto software development for non-techie coders. In the interest of catering to these staff, GitHub, OpenAI and others will likely create versions of their coding assistants that streamline development for cit-devs. GitHub, for example, is adding voice and chat interfaces to simplify its UX even more.

It’s not hard to imagine where it goes from there. Just as the API economy fostered new ecosystems of software interoperability, generative AI plugins will facilitate more intelligent information services for big brands. Already OpenAI plugins are connecting ChatGPT to third-party applications, enabling the conversational AI to interact with APIs defined by developers.

One imagines this AI-styled plug-and-play will broaden the potential for developers, both of the casual and professional persuasion. Workers will copilot coding tasks alongside generative AI, ideally enhancing their workflows. This emerging class of content creation tools will foster exciting use cases and innovation while affording your developers teams with more options for how they execute their work. This will also mean development will continue to become more decentralized outside the realm of IT.

Keep an Open Mind for the Future

The coming convergence of generative AI and software development will have broad implications and pose new challenges for your IT organization.

As an IT leader, you will have to strike the balance between your human coders—be they professionals or cit-devs—and their digital coworkers to ensure optimal productivity. You must provide your staff  guidance and guardrails that are typical of organizations adopting new and experimental AI.

Use good judgment. Don’t enter proprietary or otherwise corporate information and assets into these tools.

Make sure the output aligns with the input, which will require understanding of what you hope to achieve. This step, aimed at pro programmers with knowledge of garbage in/garbage out practices, will help catch some of the pitfalls associated with new technologies.

When in doubt give IT a shout.

Or however you choose to lay down the law on responsible AI use. Regardless of your stance, the rise of generative AI underscores how software is poised for its biggest evolution since the digital Wild West known as Web 2.0.

No one knows what the generative AI landscape will look like a few months from now let alone how it will impact businesses worldwide.

Is your IT house in order? Are you prepared to shepherd your organization through this exciting but uncertain future?

Learn more about our Dell Technologies APEX portfolio of cloud experiences, which affords developers more options for how and where to run workloads while meeting corporate safeguards: Dell Technologies APEX

Business Intelligence and Analytics Software

The mainframe may seem like a relic of a day gone by, but truth be told, it’s still integral. According to the Rocket Software Survey Report 2022: The State of the Mainframe, four out of five IT professionals see the mainframe as critical to business success. At the same time, innovation and modernization are imperative for business survival.

When deciding which modernization path to take, some companies choose to scrap their mainframe, a costly endeavor that increases the risk of downtime and sacrifices its powerful benefits. With that in mind, what can businesses do to modernize their applications effectively?

Tap into open-source software

Mainframe-dependent businesses often think that open source is just for cloud-based products – but that assumption is incorrect. By introducing open-source software to mainframe infrastructure, companies will improve product development, speed time to market, and open the mainframe to new developers that will drive mainframe innovation.

Open-source software accelerates IBM Z® application development and delivery through modern tools that drive automation and integration to and from the mainframe. Success hinges on development support. Without, it can create security and compliance risks—and be difficult to maintain. Waiting on vulnerability fixes from the open-source software community can open an organization to a multitude of threats.

Another benefit of open-source software is that it provides the next generation of IT professionals – who may be unfamiliar with the mainframe – with familiar languages and tools that make it easy for them to manage the mainframe similar to the way they work with other platforms.

One of those technologies, Zowe, connects the gap between modern applications and the mainframe. Introduced four years ago by the Linux Foundation’s Open Mainframe Project, Zowe and other open-source technologies like it provide organizations with the responsiveness and adaptability they need to implement advanced tools and practices that balance developers’ desire to work with the latest technology and organizational need for security and support.

Through DevOps and application development, businesses can bring the accessibility of open source to the mainframe while ensuring the compliance and security of their system’s data. Because of the development of open DevOps/AppDev solutions, businesses can deliver applications to market faster, at lower cost, and with less risk.

Modernizing in place

Many legacy systems, mainframe and distributed, lack connectivity and interoperability with today’s cloud platforms and applications not because of a lack of capability, but because of a lack of effort. Enterprises are at a crossroads for how to invest in their future infrastructure support and have a handful of options:

Operate as-is. This option may not include net-new investments but positions a business for failure against competitors.

Re-platform or “rip and replace” existing technology. While it addresses the modernization issue, it does so in a costly, disruptive, and time-consuming manner that forces businesses to throw away expensive technology investments.

Modernizing in place. This makes it possible to embrace increasingly mature tools and technologies – from mainframe data virtualization, API development, hierarchical storage management (HSM), and continuous integration and continuous delivery (CI/CD) – that bring mainframe systems forward to today’s IT infrastructure expectations.

Rocket Software data reveals that more than half of IT leaders favor modernizing in place – and less than 30 percent and 20 percent favor “operate as-is” and “re-platforming”, respectively. DevOps innovations (e.g., interoperability and integration, storage, automation, and performance and capacity management needs) have empowered IT leaders to see modernizing in place as a more cost-effective, less disruptive path to a hybrid cloud future.

Bet on hybrid cloud infrastructure

Modernizing in place to drive a hybrid cloud strategy presents the best path for enterprise businesses that need to meet the evolving needs of the customer and implement an efficient, sustainable IT infrastructure. The investment in cloud solutions bridges the skills gap and attracts new talent while not throwing away the investment in existing systems. Integrating automation tools and artificial intelligence capabilities in a hybrid model eliminates many manual processes, ultimately reducing workloads and improving productivity. The flexibility of a modernized hybrid environment also enables a continuously optimized operational environment with the help of DevOps and CI/CD testing.

The mainframe has stood the test of time – and it will continue to do so for the benefits it provides that the cloud does not. As you evolve your strategy, think about how best to leverage past technology investments with the modern app dev tools delivered through the cloud today to innovate on your mainframe technology.

Learn more about how Rocket Software and its solutions can help you modernize.

Digital Transformation

ACS (Australian Computer Society) is the professional association for Australia’s technology sector. With 35,000+ members, ACS is dedicated to growing the nation’s digital skills and capacity.

ACS members benefit from professional training and skills certification, networking and events, liability insurance cover and access to technology and innovation hubs.

In addition, ACS has developed a Professional Partner Program (PPP) to enable Australian organisations to be more proactive in gaining the benefits of employees’ ACS membership.

Partner organisations pay for ACS membership for appropriate employees, at a discount on the individual rate. Each partner is assigned an ACS account manager who works closely with the partner to help them maximise their partnership.

PPP has more than 300 member organisations across government, business, industry, research and academia.

This brandpost will outline the ACS Professional Partner Program, summarise the benefits to employees and the specific advantages for partner organisations.

ACS membership benefits

ACS membership presents many benefits for IT professionals. In turn, this benefits the organisations that employ them. ACS members can gain training and certification in the skills they bring to their roles, and valuable networking and knowledge from over 600 events a year.

ACS is also a voice for Australia’s IT professionals. It engages with policy makers and the media on issues relevant to the technology sector. And provides resources for educators and industry to boost Australia’s digital capabilities and competitiveness.


ACS offers a wide range of learning pathways, qualifications and certifications to Australia’s IT professionals. The aim is to create a pipeline of talent to ensure Australia has the 1.2 million high-skilled and diverse IT professionals Australia needs by 2027.

ACS’s Continuing Professional Development (CPD) program encourages members to maintain, improve and broaden their knowledge, expertise and competence – to advance their professional standing by completing CPD hours each year as part of their membership.

In addition, ACS’s workforce development team can design customised learning solutions tailored to an organisation’s strategy, environment, challenges, and desired outcomes.

ACS also accredits courses offered by other institutions after evaluating their capacity to produce graduates who have the knowledge and skills required of an IT professional. Forty-five Australian universities offer ACS accredited degrees designed to ensure students are tech-ready when they graduate.

Career development

The Skills Framework for the Information Age (SFIA) is a skills development framework used to benchmark the competences of IT professionals worldwide. By meeting SFIA standards, technology workers can demonstrate their abilities to employers anywhere in the world.

ACS members can take advantage of advanced self-assessments against competencies in SFIA to create a precise skills profile, and identify potential career paths and the skills they need to help achieve their goals. ACS membership can also provide members with access to mentors who can help guide their careers and open-up career opportunities.


ACS members can apply for ACS professional certifications, which recognise transferable skills and competencies and, unlike vendor certifications, are technology agnostic. They are based on the Skills Framework for the Information Age (SFIA) and offer the following certifications:

• ACS Certified Professional
• ACS Certified Technologist
• ACS Certified Cyber Security Professional
• ACS Certified Cyber Security Technologist
• ACS Certified Safety Critical Systems Professional


ACS hosts over 600 events and attracts some 48,000 attendees each year, providing an opportunity for ACS members to come together, learn and network. Two hundred of these events are designed to help members upskill and stay relevant. ACS also supports several boards and special interest groups that help to educate and inform. Members also get opportunities to engage with state and federal politicians at political engagements held around the country.

In addition:
• ACS members gain access to a digital library with more than 44,000 digital assets, including exclusive training videos, recorded webinars and insights from technology leaders.

• The ACS Career Platform offers career advice, job seeking content, profiles of working with specific organisations and details of available opportunities.

• ACS limited liability insurance offers professional indemnity coverage for members that invoice less than $100,000pa for IT services.

• All ACS members can access and use ACS Technology Hub facilities in Sydney, Melbourne and Brisbane.

ACS Professional Partnership Program

By becoming an ACS Professional Partner your organisation can offer, and pay for, ACS membership for IT staff at a discount of 20 percent. Membership gives employees access to all membership benefits listed above.

Partnerships are annual and your organisation will be assigned an ACS account manager who will work closely with your nominated representative, conducting regular meetings to help you make the most of their partnership agreement.

Partnership also brings other benefits. ACS offers a range of partnership development opportunities to help you keep up to date with industry trends. These provide opportunities to display your organisation and its IT talent. Also, the growth opportunities available to individual staff members through their ACS membership contribute to job satisfaction and help with retention.

Members of the ACS Partnership Program include all Australian State Governments, the Federal Government and leading companies such as Coca Cola and Woolworths.

About ACS

ACS champions the technologies, people and skills critical to powering Australia’s future growth, diversity and security.

ACS is Australia’s largest community of technology professionals from all sectors of industry, government and academia.

It is a platform for industry, government and academia to connect, collaborate and shape policies.

ACS takes an evidence-based approach to the development of standards and skills for all technologies, ensuring Australia stays secure and future-proof.

And delivers programs and pathways to develop a diverse, high-skilled pipeline of trusted technology professionals, to meet Australia’s technology needs now and in the future.

Next steps

Contact ACS today for more information on the benefits of the ACS Professional Partnership Program, and how tailoring the program to your specific requirements can benefit your organisation.

Professional Services

We’ve entered another year where current economic conditions are pressuring organizations to do more with less, all while still executing against digital transformation imperatives to keep the business running and competitive. To understand how organizations may be approaching their cloud strategies and tech investments in 2023, members of VMware’s Tanzu Vanguard community shared their insights on what trends will take shape.

Tanzu Vanguards, which includes leaders, engineers, and developers from DATEV, Dell, GAIG, and TeraSky, provided their perspectives on analyst predictions and industry data that point to larger trends impacting cloud computing, application development, and technology decisions.

Trend #1: More organizations will take on a cloud-native first strategy, accelerating the shift to containers and Kubernetes as the backbone for current and new applications.

According to Forrester, forty percent of firms will take a cloud-native first strategy. Forrester’s Infrastructure Cloud Survey 2022 reveals that cloud decision-makers have implemented containerized applications that account for half of the total workloads in their organizations. Kubernetes will propel application modernization with DevOps automation, low-code capabilities, and site reliability engineering (SRE) and organizations should accelerate investment in this area as their distributed compute backbone.

“I agree on the cloud-native first strategy [prediction] since Kubernetes is the base for modern infrastructure. But you have to take into account that cloud native first does not mean public cloud first. Especially in regulated environments, public clouds or the big hyperscalers won’t always be an option,” says Juergen Sussner, cloud platform engineer and developer at DATEV. “If you look into the startup world, they start in public clouds, but as they grow to a certain scale, cloud costs will become a big problem and the need for more control might come up to bring things back into their own infrastructures or sovereign clouds. So cloud-native first, yes but maybe not public cloud first to the same degree.”

While Scott Rosenberg, practice leader of cloud technologies and automation at TeraSky, agrees with Forrester’s prediction, he notes that there is nuance in the details. “The growth of Kubernetes, and the benefits it brings to organizations, is not something that is going away. Kubernetes and containerized environments are here to stay, and their footprint will continue to grow. As Kubernetes is becoming more mature, and the ecosystem around it as well is stabilizing, I believe that the challenges we are experiencing around knowledge gaps, and technical difficulties are going to get smaller over the next few years. With that being said, due to the maturity of Kubernetes, I believe that over the next year, the industry will understand which types of workloads are fit for Kubernetes and which types of workloads, truly should not be run in a containerized environment. I believe VM-based and container-based workloads will live together and in harmony for many more years, however, I see the management layers of the 2 unifying in the near future, as is evident by the rise of ecosystem tooling like Crossplane, VMware Tanzu VM Operator, KubeVirt and more.”

Even if organizations decide to take a containerized approach to their applications,  Jim Kohl, application and developer consultant at GAIG, says “there still is heavy lifting in moving the company project portfolio over to the new system. Even then, companies will have a blend of VM-centered workloads alongside containerized workloads.”

Similarly, Thomas Rudrof, cloud platform engineer at DATEV eG, agrees that we won’t necessarily see the end of VM-based workloads. “Our organization, as well as the majority of the industry, is already adopting a cloud-native-first or a Kubernetes-native-first strategy and will increase their investment in technologies like Kubernetes and containers in the coming years. Especially for new apps or when modernizing existing apps. However, it is also important to note that there are still many apps that run on virtual machines and do not work natively in containers, especially in the case of third-party software. Therefore, I think there will still be a need for VM workloads in the coming years,” says Rudrof.       

“This year, companies will focus on cost optimization and better use of existing hardware resources. Using containerization will allow you to better control application environments along with their lifecycle. It will also allow for more effective and faster delivery of the application to the customer. IT departments should reorganize some IT processes that use a VM-based approach rather than containers,” says Lukasz Zasko, principal engineer at Dell.

Trend #2: Optimizing costs and operational efficiency will be a focus for organizations looking to improve their financial position amidst an economic downturn and skills shortages. IT leaders and executives must use AI and cloud platforms, and adopt platform engineering, to improve costs, operations, and software delivery.

Gartner’s Top Strategic Technology Trends for 2023 advises that this year is an opportunity for organizations to optimize IT systems and costs through a “digital immune system” that combines software engineering strategies like observability, AI/automation, and design and testing, to deliver resilient systems that mitigate operational and security risks. Additionally, with ongoing supply chain issues and skills shortages, organizations can scale productivity by using industry cloud platforms and platform engineering to empower agile teams with self-service capabilities to increase the pace of product delivery. Lastly, as organizations look to control cloud costs, Gartner states that investments in sustainable technology will have the potential to create greater operational resiliency and financial performance, while also improving environmental and social ecosystems.

“Eliminating cognitive load from your developers by using platform engineering techniques makes them more productive and therefore more efficient. There’s always a discussion about what can be centralized, and what should and should not be centralized as it can cause too much process overhead when not giving this specific control to your developer teams,” Sussner says. “The rise of AI in this case can’t be overlooked, like GitHub Copilot and many intelligent tools for managing security and many other aspects of supply chains.”

However, cost savings isn’t necessarily a new prediction or trend for organizations in 2023, according to Martin Zimmer – Technology Lead Modern Application Platforms at Bechtle GmbH. “I have heard this for 10 or more years. Also, AI will not help with [cost savings] because the initial costs are way too high at the moment.”

On the other hand, Rudrof says, “AI has the potential to significantly improve the efficiency, productivity, and effectiveness of IT professionals and organizations, and is likely to play an increasingly important role in the industry in the coming years.” He is also optimistic about platform engineering as a trend that will impact enterprise strategies. “I believe that platform teams are essential in helping DevOps teams focus on creating business value and in providing golden paths to enhance the overall developer experience,” says Rudrof.

Trend #3: Infrastructure and operations leaders will need to rethink their methods for growing skills to keep pace with the rapid changes in technology and ways of working.

Gartner predicts that through 2025, 80% of the operational tasks will require skills that less than half the workforce is trained in today. Gartner recommends that leaders implement a prioritized set of methods to change the skills portfolio of the infrastructure and operations organization by creating a skills roadmap that emphasizes connected learning, digital dexterity, collaboration, and problem-solving.

“The main problem in 2023 will be how can we learn new skills fast and stay on top of all the new tools and technologies in every area. If you implement a toolchain today, tomorrow it’s old,” Zimmer says. He adds that implementing a skills portfolio is nothing new. “Connected learning, digital dexterity, collaboration, and problem-solving should be the ‘normal’ skills of everyone who works inside the IT organization. The days where an IT ‘guru’ sits in his dark room and runs away when you try to talk with him are long gone.”

While developing digital and human skills will always be important for current and future workforces as hybrid work and digital transformation initiatives take hold, organizations must also look inward to evolve company culture. Sussner believes that being able to react and adapt to change is a skill in itself that an organization has to develop. “Not only do DevOps teams have to adapt to changing requirements, but also company structures. If you take Conway’s law seriously, this means being able to develop software in an agile way, would also raise the necessity to be able to change company structures accordingly.” Conway’s law states that organizations design systems that mirror their own communication structure.

“This huge step in company culture requires brave managers adopting agile principles. So in my opinion, it’s not only about technology transformation, it’s also about company culture that has to evolve. If neither technology nor culture does not take part in this game, all will fail,” Sussner adds.

At a time when budgets and margins are tightening, leaders should take this time to re-evaluate investments and prioritize the technologies and skills that build a resilient business. As business success increasingly relies on the organization’s ability to deliver software and services quickly and securely, building a company culture that prioritizes the developer experience and removes infrastructure complexity to drive productivity and efficiency will be critical for 2023 and beyond.

To learn more, visit us here.

Cloud Computing

In the war for talent, sometimes the solution is right in front of you. For businesses struggling to compete for tech talent, investing in your current talent through upskilling and training initiatives can provide invaluable returns, as many IT leaders are finding.

A study from Korn Ferry estimates that by 2030 more than 85 million jobs will go unfilled due to a lack of available talent, a talent shortage that could result in the loss of $8.5 trillion annual revenue globally. While automation may be able to fill some gaps, the study also posits that human capital will be just as important as automation in the future, leaving organizations without robust training programs subject to the whims of a talent market in short supply.

According to the National Bureau of Economic Research, companies have steadily dropped the ball on workforce training and upskilling since the 1970s. Oftentimes, workers are pushed to meet skills gaps without the necessary training, setting the employee and business up for potential failure. But shifts in workforce strategies in recent years have seen more companies developing strong internal training programs to reskill, upskill, and promote employees within the organization.

In addition to helping fill skills gaps, investing in the career growth of your employees can also foster a greater sense of trust, leading to a more resilient and productive workforce that is less likely to quit, according to data from Gallup. The return on investment in internal workforce training and upskilling programs can’t be overlooked, as the successes of the following four companies can attest.

Capital Group invests in careers for the long run

For financial services company Capital Group, the secret to competing in a tight IT talent market is to stay focused on a long-term employee investment strategy. Capital Group leadership believes employee satisfaction is just as important as customer satisfaction, and a key part of that is ensuring that employees have ample opportunity to grow their careers within the company. This includes internal bootcamps, courses for developing subject matter expertise, and an internal talent marketplace that gives employees more mobility within the organization.

Employees can also explore various career paths within Capital Group through its Technology Rotational Experience (TREx) program, a 25-month career development program that places participants across three different IT teams. Through TREx, employees can gain experience in other departments, work with new technologies, and identify whether there’s something new that they might be interested in working on moving forward.

“We focus on the long term,” says Global CIO Marta Zarraga. “Every single decision we make is based on the healthiness of the organization long term.”

And that includes ensuring employees can stay and grow with Capital Group, rather than leaving the organization to move their careers forward. TREx and other internal training programs, which include bootcamps, “learning journeys” for developing subject matter expertise, and mentorships, make employees feel valued and reinforce the organization’s culture of growth and learning, while also meeting organizational talent needs in IT departments.

“I can show up as myself and develop the skills and confidence for my career in software development within the financial industry. From early on my contributions at work have been respected, and I’ve found it very easy to reach out and ask questions to people on different teams,” says Aimee Oz [they/them], a software development engineer at Capital Group who participated in an internal bootcamp.

Progressive bootcamp bridges skills gap

Insurance company Progressive has developed an in-house IT Programmer Bootcamp to reskill non-technical staff for technical roles within the organization to meet skills and talent gaps in the organization. And by turning inward to find qualified candidates within its own workforce, Progressive can also leverage the wealth of knowledge candidates already have about the organization, while “knocking down some of those barriers of eligibility for some of these tech jobs,” says Stephanie Duca, leadership development consultant at Progressive, and leader of the IT Bootcamp program.

The pilot program was launched in 2021 with eight participants who came from non-IT roles such as customer support, underwriting, and claims. Employees attend the 15-week intensive training program full-time and are compensated for their time in the program, ensuring they will be able to focus entirely on the training. Employees do not need to have a background in tech to join the program and they are guaranteed a job placement along with adjusted compensation to reflect their new role. Progressive plans to continue expanding this program to include other areas of focus, such as data analytics roles.

“I just know that it’s sparked some real passion and an appreciation for Progressive — our employees see that we want to invest in them and keep them here and retain them,” says Duca.

Altria’s career development focus reaps rewards

Fostering career development is a key strategy for retaining vital talent. At tobacco company Altria Group, employees are given the chance to engage in upskilling and training, gain experience working in departments outside their own, and utilize the company’s structured career planning process. In fact, Altria’s dedication to investing in employees earned them first place for career development on IDG’s Best Places to Work 2021 survey.

Career development is a focus for all employees, even entry-level workers, and everyone is given several opportunities to grow their skills and learn new technologies. For example, an entry-level code developer at Altria will be thrown into highly technical work right away, so they gain experience fast. And then throughout their first five to six years with the company, they will be moved around IT departments to work on different projects, gaining more experience and potentially finding out what they’re most passionate about.

“In many cases, we’re trying to put them into a role that ultimately is going to make them sweat — it’s going to really challenge them,” says Dan Cornell, vice president and CIO of Altria Group.

Employees also go through an annual talent planning review process to assess where they are in their careers, what they aspire to within the organization, and how they want to shape their career moving forward. Managers can identify areas for growth, what skills can be developed, opportunities for training, and potential experiences in other departments they might benefit from. There’s also a heavy focus on helping employees pave a career path if they aren’t interested in leadership positions. Oftentimes, it can feel like the only way up is the leadership path, but helping employees discover there are other paths within the organization can go a long way for retention.  

Talent development pays off at Capital One

Upskilling and cross-training programs are key factors in improving employee productivity, retaining top talent, and filling skills gaps. Financial services company Capital One focuses on “developing the whole person” by leveraging internal professional development programs, including a full-stack development academy, the Capital One Developer Academy (CODA), and Capital One Tech College.

With over 11,000 engineers across more than 2,000 agile teams, Capital One has worked to run individual teams as if they’re each a small business. It’s a strategy that allows the large organization to stay agile, while also attracting and retaining engineering talent through the promise of getting to work on open-source projects, in an agile environment, and on a small team.

“It keeps a big company very nimble, creates that autonomy and then drives a lot of that team dynamic and team culture down into the other groups of folks that are releasing software every day of every week to our customers and our associates,” says Mike Eason, senior vice president and CIO of enterprise data and machine learning engineering at Capital One.

Its CODA initiative is a six-month software engineering program for full-time Capital One employees to learn full-stack development principles. It helps employees inside or outside of IT get the training they need to become a software engineer within the organization. The Capital One Tech College focuses more on upskilling employees through free training and certification courses, with opportunities to attend in-person and online courses on their own time. The investment in employees helps Capital One retain its best tech talent, while also cultivating stronger tech skills and expertise through the ranks.

IT Skills, IT Training 

By Milan Shetti, CEO Rocket Software

According to a recent Rocket Software survey, 80% of IT professionals categorize the mainframe as critical to their business. But in order to be successful in today’s technology-driven world, businesses that rely on the mainframe must modernize their operations and integrate the latest tools and technologies. Companies choosing to abandon their mainframe face a costly endeavor, risk downtime, and lose out on powerful benefits. Modernizing in place allows businesses to continue leveraging their technology investments through modernization without sacrificing the many benefits provided by mainframes.

One technology that modern mainframes need is secure open-source software. Four years ago, the Linux Foundation’s Open Mainframe Project introduced Zowe, a first-of-its-kind open-source framework based on z/OS, making it easier than ever to connect the gap between modern applications and the mainframe. Rocket Software is a founding member of the Zowe coalition, and our engineers have played an integral role in the evolution of the Zowe open-source framework. Open-source technologies provide organizations with the responsiveness and adaptability they need to implement advanced tools and practices that balance developers desire to work with the latest technology and organizational need for security and support.

Read on to learn more about why modern mainframes need secure open source.

Benefits of modernizing the mainframe

There is no denying the importance of mainframes within the enterprises that use them. Respondents to Rocket’s survey say the top three qualities that contribute to their organization’s reliance on the mainframe are reliability (34%), security (27%), and efficiency (22%). Modernizing in place is a great way for mainframe-reliant businesses to meet demands while positioning themselves for future success with an efficient and sustainable IT infrastructure.

Open-source software provides many benefits that can help businesses modernize mainframe development through capabilities that drive application and infrastructure modernization, accelerate application development, and enable the next generation of developers. Through DevOps/AppDev solutions, businesses can bring the accessibility of open source to the mainframe while ensuring the compliance and security of their system’s data. By automating processes, organizations can easily implement modern application development practices while ensuring compliance to organizational standards and business rules. Because of the development of open DevOps/AppDev solutions, businesses can bring applications to market faster, at lower cost, and with less risk.

Why the mainframe needs secure open source

Open-source solutions can provide the mainframe with a litany of benefits, but like any other technology, open source is not foolproof and comes with its own challenges. One of the main open-source challenges is regarding its security as applications are developed and delivered to and from the mainframe. Organizations are also concerned that if there are vulnerabilities found in open-source software, they will take a long time to fix. 

To overcome these challenges, organizations must take a security-first mindset and partner with industry-leading vendors to ensure that they have the capabilities to identify vulnerabilities and make fixes in time to mitigate security risks. For example, Rocket Support for Zowe gives users access to modern capabilities from the Open Mainframe Project’s Zowe open-source framework that makes it easier to interface and develop applications while providing 24/7 support, security, and compliance assurance.

The mainframe has been around for more than 50 years, and with the ability to integrate the latest technologies to match today’s business needs, it’s not going anywhere. Modernizing mainframe development with open-source software will enhance development practices while ensuring compliance to organizational standards and business rules.

To learn more about the power of open source on the mainframe, visit our website.

Digital Transformation

Few would swap sunny San Francisco and the innovation of Silicon Valley for a train ticketing company serving disgruntled UK commuters, but try telling that to Trainline CTO, Milena Nikolic.

A long-time Googler, who’s role as engineering director saw her lead the Google Play developer ecosystem, Nikolic was keen for something new that offered a greater sense of social purpose.

I had been at Google for so long that I stopped counting,” she says. “It was close to 13 years… and I was itching for a bit of a change.”

In a growing technology market, Nikolic waited for the right opportunity. Nothing clicked until she spoke to Trainline, the international digital rail and coach technology platform, headquartered in London.

“Everything fell in place; every box was ticked,” she says. “I really liked the mission, connecting people to places in greener, more sustainable ways.”

The first 100 days

As the new CTO tasked with setting the technical strategy, ensuring tech team delivery, and aligning product and business strategies, Nikolic had a lot on her plate for the first 100 days.

She spent time understanding the tech stack, the business challenges, and a comprehensive technology team split across infrastructure, product development, security, privacy and technical compliance.

Trainline had sound technical systems and a good level of autonomy, but Nikolic believed the team members themselves felt less empowered to move out of their comfort zone, which impacted business outcomes.

“We had engineers who were very good specialists in their field, but I think people felt less empowered to really own goals and outcomes end-to-end,” she says. “They’re all these brilliant individuals who have a lot to add beyond coding their part of the technical system. They were more stuck to their part of the technical stack, and just contributing to that.”

This reflection pushed Nikolic to make changes to how technology teams worked across the organisation, and support a new target operating model.

Driving business growth through new teams

Trainline has been a tech-enabled business since it launched in 1997, with online ticket sales available as far back as 1999. More recently, under the tutelage of former CTO Mark Holt, Trainline became a story of scale and mobility, moving to DevOps, agile principles and leveraging compute power through Amazon Web Services (AWS).

By 2018, the Trainline platform was hosting more than 80 million customer visits a month, with more than 80% coming through mobile devices. The company sold more than 204 tickets every minute.

Today, its Platform One, with 78 million visits every month across all channels, covers more than 270 rail and coach companies across 45 countries, including over 80% of rail routes in Europe.

Milena Nikolic

Such growth in scale has resulted in a steady ramp-up in resources. Despite the COVID-19 pandemic pushing the business to reach almost £250m in debt in 2021 (the firm has since recovered to achieve net ticket sales of £2.5bn and a net profit of £90m in its latest financial results), Trainline now employs around 400 engineers, data and tech specialists who work on Platform One and process over 600 system releases every week. The company has approximately 800 staff in total across the business.

Since joining a year ago, Nikolic has split teams into horizontal and vertical functions to support operational efficiency and product development.

Horizontal team members own the platforms to ensure their robustness, reliability, latency and scalability so engineers can be productive. Vertical teams, meanwhile, operate across the tech stack so teams aren’t localised to certain operating systems, orchestration or data layers. These cross-functional teams, including product support, UX and data, offer differing levels of expertise across both front and back-end infrastructure.

“Those teams have a clear mission… that they own the product or business outcome,” says Nikolic. “They have full autonomy to decide whatever they want to do… to drive that goal, that mission and move that [business] metric in the way we expect.”

Training engineers and building products

As part of reskilling teams, Nikolic has focused on building a T-shaped skillset and giving staff the opportunity to gain broader experience. For example, she says that an iOS developer could learn eCommerce, or a web developer could study back-end infrastructure.

There have been a number of vehicles to do that, from an internal ‘tech summit’ with speakers from within and outside Trainline presenting on all things tech, product and data, to a ‘culture of craft’ community that offers regular activities, such as coding dojos, workshops, hackathons and meetups. The company also provides access to the tech learning platform O’Reilly, where team members can attend live conferences, and access books and content.

The team has celebrated numerous achievements inside her first year. Nikolic says Trainline now has a robust and scalable platform capable of withstanding 10 times search traffic and transactions, while the company recently launched STicket barcode technology to reduce friction to buy and prevent fraud. It’s also launched delay notifications in France and the UK—a smart move considering a combined 600 train delays every minute, while Trainline’s new Where next? app integrates with Apple MapKit so iOS users can plan their journey without having to leave the app.

Platform One is the solid base for all tech and innovation at Trainline, with microservices and infrastructure-as-code (IaaC) both in vogue.

“Our tech stack is built on a solid foundation provided through AWS,” she says. “By utilising a variety of technologies, such as EC2, ECS, Fargate, Kinesis and RDS, Trainline is able to achieve a hyper-scale infrastructure necessary to enable us to provide our customers with a best-in-class platform.”

Getting more women in engineering

Having worked in the industry for 15 years, Nikolic remains frustrated with a leaky pipeline when it comes to women in engineering. She admits that the tech industry can still feel less inclusive to women, and this ‘societal problem’ can push women to leave the sector mid-career.

“It’s difficult, for sure,” she says, “and, having been part of this fight for 15 years, it can sometimes be disheartening, just how slow the pace of change is.”

Nikolic is, however, hopeful that the industry can improve the representation gap. She points to examples at Trainline, where the firm has introduced diverse recruitment panels and D&I targets, as well as partnerships with coding tech school ADA in Paris and Future Frontiers, a charity equipping students from disadvantaged backgrounds across 200 secondary schools in London and Edinburgh.

She believes the key to improving the numbers of women in engineering is adding more talent at the top of the pipeline, such as encouraging disadvantaged groups from school into early stage careers.

“The only sustainable way for us to prove this is break the barriers for underrepresented groups as they enter the tech world,” she says.

Trainline remains on an upward trajectory. There’s a reported international expansion on the horizon, government contracts to win and a new CDO, hired from Meta, now reporting into Nikolic. “I really want to make sure we execute well,” she says. ”If there’s anything keeping me up at night, it’s making sure the team is set up for success in the best possible way so we capitalise on these opportunities.”

CIO, Digital Transformation, IT Skills, Women in IT

How do attackers exploit applications? Simply put, they look for entry points not expected by the developer. By expecting as many potential entry points as possible, developers can build with security in mind and plan appropriate countermeasures.

This is called threat modeling. It’s an important activity in the design phase of applications, as it shapes the entire delivery pipeline. In this article, we’ll cover some basics of how to use threat modeling during development and beyond to protect cloud services.

Integrating threat modeling into the development processes

In any agile development methodology, when business teams start creating a user story, they should include security as a key requirement and appoint a security champion. Some planning factors to consider are the presence of private data, business-critical assets, confidential information, users, and critical functions. Integrating security tools in the continuous integration/continuous development (CI/CD) pipeline automates the security code review process that examines the application’s attack surface. This code review might include Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Infrastructure as a Code (IaC) scanning tools.

All these inputs should be shared with the security champion, who would then identify the potential security threats and their mitigations and add them to the user story. With this information, the developers can build in the right security controls.

This information also can help testers focus on the most critical threats. Finally, the monitoring team can build capabilities that keep a close watch on these threats. This has the added benefit of measuring the effectiveness of the security controls built by the developers.

Applying threat modeling in AWS

After the development phase, threat modeling is still an important activity. Let’s take an example of the initial access tactic from the MITRE ATT&CK framework, which addresses methods attackers use to gain access to a target network or systems. Customers may have internet-facing web applications or servers hosted in AWS cloud, which may be vulnerable to attacks like DDoS (Distributed Denial of Service), XSS (Cross-Site Scripting), or SQL injection. In addition, remote services like SSH (Secure Shell), RDP (Remote Desktop Protocol), SNMP (Simple Network Management Protocol), and SMB (Server Message Block) can be leveraged to gain unauthorized remote access.

Considering the risks, security teams should review their security architecture to ensure sufficient logging of activities, which would help identify threats.

Security teams can use the security pillar of AWS Well-Architected Framework, which will help identify any gaps in security best practices. Conducting such a self-assessment exercise will measure the security posture of the application across various security pillars – namely, Identity Access Management – to ensure there is no provision for unauthorized access, data security, networking, and infrastructure.

Although next-gen firewalls may provide some level of visibility to those who are accessing the applications from source IP, application security can be enhanced by leveraging AWS WAF and AWS CloudFront. These services would limit exposure and prevent potential exploits from reaching the subsequent layers.

Network architecture should also be assessed to apply network segmentation principles. This will reduce the impact of a cyberattack in the event one of its external applications is compromised.

As a final layer of protection against initial access tactic methods, security teams should regularly audit AWS accounts to ensure no administrator privileges are granted to AWS resources and no administrator accounts are being used for day-to-day activities.

When used throughout the process, threat modeling reduces the number of threats and vulnerabilities that the business needs to address. This way, the security team can focus on the risks that are most likely, and thus be more effective – while allowing the business to focus on truly unlocking the potential of AWS.

Author Bio


Ph: +91 9176292448

E-mail: raji.krishnamoorthy@tcs.com

Raji Krishnamoorthy leads the AWS Security and Compliance practice at Tata Consultancy Services. Raji helps enterprises create cloud security transformation roadmap, build solutions to uplift security posture, and design policies and compliance controls to minimize business risks. Raji, along with her team, enables organizations to strengthen security around identity access management, data, applications, infrastructure, and network. With more than 19 years of experience in the IT industry, Raji has held a variety of roles at TCS which include CoE lead for Public Cloud platforms and Enterprise Collaboration Platforms.

To learn more, visit us here.

Internet Security

Technology is hardly the only industry experiencing hiring challenges at the moment, but resignations in tech still rank among the highest across all industries, with a 4.5% increase in resignations in 2021 compared with 2020, according to Harvard Business Review.

For the most part, these employees aren’t leaving the industry altogether; they’re moving to companies that can offer them what they want. Flexible schedules and work-life balance? 

Absolutely. Higher salaries? Of course. But one of the primary reasons why people in tech, particularly developers, switch or consider switching roles is because they want more opportunities to learn. Developers don’t want to quit: they want to face new challenges, acquire new skills, and find new ways to solve problems.

Ensuring access to learning and growth opportunities is part of the mandate for tech leaders looking to attract and retain the best people. A culture of continuous learning that encourages developers to upskill and reskill will also give your employees every opportunity to deliver more value to your organization.

Read on to learn how and why expanding access to learning helps you build higher-performing teams and a more inherently resilient organization.

Developers want more learning opportunities — and leadership should listen

Giving developers opportunities to learn has a major, positive impact on hiring, retention, and team performance. According to a Stack Overflow pulse survey, more than 50% of developers would consider leaving a job because it didn’t offer enough chances for learning and growth, while a similar percentage would stick with a role because it did offer these opportunities. And 50% percent of developers report that access to learning opportunities contributes to their happiness at work.

Yet most developers feel they don’t get enough time at work to devote to learning. Via a Twitter poll, Stack Overflow found that, when asked how much time they get at work to learn, nearly half of developers (46%) said “hardly any or none.” Considering that more than 50% of developers would consider leaving a job if it didn’t offer enough learning time, it’s clear that one way to help solve hiring and retention challenges is to give employees more chances to pick up new skills and evolve existing ones.

How can tech leaders and managers solve for this? One key is to create an environment where employees feel psychologically safe investing time in learning and asking for more time when they need it. High-pressure environments tend to emphasize wasted time (“How much time did you waste doing that?”) instead of invested time (“I invested 10 hours this week in learning this”). In this context, plenty of employees are afraid to ask about devoting work time to learning.

Company leadership and team managers can make this easier by consistently communicating the value of learning and modeling a top-down commitment to continuous learning. Executives and senior leaders can share their knowledge with employees through fireside chats and AMAs to underscore the importance of this culture shift. Managers should take the same approach with their teams. You can’t expect your more junior employees to invest time in learning if you haven’t made it clear, at every level of your organization, that learning matters.

Expanding learning opportunities improves team performance and organizational resiliency

Elevating the importance of learning helps sustain performance and competency in your engineering teams. But it does more than improve retention or team-level performance: it also builds organizational resiliency.

Some of your employees are always going to leave: to seek new adventures, to combat burnout or boredom, to make more money. Leadership no longer has the luxury of hiring for a specific skill and then considering that area covered forever. Technology and technology companies are changing too fast for that. Retaining talent is certainly important, but ultimately leaders should be focused on creating organizations that are resilient rather than fragile. The loss of one or two key individuals shouldn’t impede the progress of multiple teams or disrupt the organization as a whole.

There’s nothing you can do to completely eliminate turnover, but you can take steps to make your organization more resilient when turnover inevitably occurs:

Ensure that your teams don’t break when people leave. Incorporating more opportunities to learn into your developers’ working lives helps offset the knowledge and productivity losses that can happen when employees move on, taking their expertise with them. How many times have you heard a variation of this exchange: “How does this system/tool work?” “I don’t know; go ask [expert].” But what happens when that expert leaves? Resilient teams and organizations don’t stumble over the loss of a few key people.Give employees access to the learning opportunities they want. As we’ve said, developers prize roles that allow them to learn on the job. Access to learning opportunities is a major factor they weigh when deciding whether to leave a current job or accept a new one. Expanding learning opportunities for developers makes individual employees happier and more valuable to the organization while increasing organizational resiliency.Avoid asking your high-performers to do all the teaching. Implicitly or explicitly asking your strongest team members to serve as sources of truth and wisdom for your entire team is a bad idea. It sets your experts up for unhappiness and burnout, factors likely to push them out the door. Create a system where both new and seasoned employees can self-serve information so they can unstick themselves when they get stuck.

Four steps to prioritize learning and attract/retain high-performance teams

When it comes to learning, there are four major steps you can take to attract and retain the best talent and increase organizational resiliency.

1. Surface subject matter experts.

Your team has questions? Chances are, someone at your company has answers. There are experts (and potential experts) throughout your organization whose knowledge can eliminate roadblocks and improve processes. Your challenge is to uncover these experts — and plant the seeds for future experts by giving your employees time to learn new skills and investigate new solutions.

Lower the barrier to entry by making it fast, simple, and intuitive for people to contribute to your knowledge platform. Keep in mind that creating asynchronous paths for your employees to find and connect with experts enables knowledge sharing without creating additional distractions or an undue burden for those experts.

How Stack Overflow for Teams surfaces subject matter experts:

Spotlights subject matter experts (SMEs) across teams and departments to connect people with questions to people with answersEnables upskilling and reskilling by allowing teams and individuals to learn from one anotherAsynchronous communication allows employees to ask and answer questions without disrupting their established workflowsQ&A format lowers barriers to contribution and incentivizes users to explore and contribute to knowledge resources

2. Capture and preserve knowledge

Establishing practices to capture and preserve information is essential for making learning scale. The goal is to convert individual learnings and experiences into institutional knowledge that informs best practices so that everyone, and the organization as a whole, can benefit. That knowledge should be easily discoverable and its original context preserved for future knowledge-seekers. To capture and preserve knowledge effectively, you also need to make it easy for users to engage with your knowledge platform.

How Stack Overflow for Teams captures and preserves knowledge:

Collects knowledge continuously to preserve information and context without disrupting developers’ workflowsMakes knowledge searchable, so employees can self-serve answers to their questions and find solutions others have already worked outCompared with technical documentation, Q&A format requires a shorter time investment for both people with questions and people with answers

3. Make information centralized and accessible

The good news is that nobody at your company has to know everything. They just need to know where to find it. After all, knowledge is only valuable if people can locate it when they need it. That’s why knowledge resources should be easy to find, retrieve, and share across teams.

This is particularly critical as your organization scales: new hires can teach themselves the ropes without requiring extensive, synchronous communication with more seasoned employees who already have plenty of responsibilities and find themselves answering the same questions over and over again.

How Stack Overflow for Teams makes information centralized and accessible:

Makes information easy to locate, access, and shareSpeeds up onboarding and shortens time-to-value for new hiresAllows users to make meaningful contributions to knowledge resources without investing huge amounts of time or interrupting their flow state

4. Keep knowledge healthy and resilient

Knowledge isn’t immune to its own kind of tech debt. The major problem with static documentation is that the instant you hit Save, your content has started its steady slide toward being out of date. Like code, regardless of its scale, information must be continually maintained in order to deliver its full value.

Keeping content healthy — that is, fresh, accurate, and up-to-date — is essential. When your knowledge base is outdated or incomplete, employees start to lose trust in your knowledge. 

Once trust starts eroding, people stop contributing to your knowledge platform, and it grows even more outdated. Since SMEs are often largely responsible for ensuring that content is complete, properly edited, and consistently updated, keeping content healthy can be yet another heavy burden on these individuals. That’s why a crowdsourced platform that encourages the community to curate, update, and improve content is so valuable.

How Stack Overflow for Teams keeps knowledge healthy and resilient:

Our Content Health feature intelligently surfaces knowledge that might be outdated, inaccurate, or untrustworthy, encouraging more engagement and ensuring higher-quality knowledge resourcesContent is curated, updated, and maintained by the community, reducing the burden on SMEsThe platform automatically spotlights the most valuable, relevant information as employees vote on the best answers, thereby increasing user confidence in your knowledge

Resiliency requires learning

You can’t build a resilient organization without putting learning at the center of how your teams operate. Not only is offering access to learning and growth opportunities a requirement for attracting and retaining top talent, but fostering a culture of continuous learning protects against knowledge loss, keeps individuals and teams working productively, and encourages employees to develop skills that will make them even more valuable to your organization.

To learn more about Stack Overflow for Teams, visit us here

IT Leadership