Attention: IT Recruiters, HR Professionals, and IT & Computer Science Executives
CrowdStrike issue causes major outage affecting businesses around the world
The structure of this article is as follows: the initial section presents the breaking news and its core details, the second section offers an introduction to a personal perspective on the distinctions between job titles and candidacy, succeeded by a debate on the risks of relying exclusively on the knowledge of others, culminating with the conclusion.
The Breaking News
In the early hours of Friday, July 19, 2024, a range of businesses including airlines, telecom companies, and banks experienced service disruptions. The cause was initially unknown. However, it was later revealed that an update from cybersecurity firm CrowdStrike had triggered a significant outage, as reported by NBC. This incident affected businesses worldwide. CrowdStrike has stated that the outage was not due to a hack or any malicious activities and is currently reversing the update to resolve the issue.
The update issue at CrowdStrike seems to have impacted Windows systems globally, causing laptops to display the error screen commonly referred to as the “blue screen of death.” Microsoft announced earlier on Friday that its cloud services had largely recovered following an outage that affected its cloud applications worldwide. In a recorded phone message, CrowdStrike acknowledged, “they are aware of reports of crashes on Windows hosts related to the Falcon Sensor.“
“The glitch stems from a software update to CrowdStrike’s EDR product, which operates with elevated privileges to safeguard endpoints. Such a malfunction can lead to the operating system crashing, as observed in the ongoing incident,” stated Omer Grossman, CIO of cybersecurity firm CyberArk, in an emailed comment. He also added “It turns out that because the endpoints have crashed – the Blue Screen of Death – they cannot be updated remotely and this the problem must be solved manually, endpoint by endpoint. This is expected to be a process that will take days,”
The Job Title, and The Candidate
This incident is not the first of its kind, nor will it be the last. Whether the cause is local human error or an adversarial cyber-attack, speculating on the cause and effect of this significant outage is premature. In my opinion, it seems likely to be resolved, at least superficially, as all affected businesses return to normal. However, one must consider the lessons and insights to be gained from such events.
Since 2015, I have been self-employed, working as an AI developer, data scientist, instructor, and solutions consultant. My experience spans a range of tasks across various industries and institutions, including the development and implementation of AI models and algorithms, insight derivation from large datasets, creation of statistical and analytical models, and the provision of professional IT and computer science training using both my own developed tools and existing AI tools and frameworks. As a freelance contractor, I was not tied to permanent staff roles within any single organization, which meant I was completely unaware of the IT department cultures and employment metrics in corporate settings. Additionally, I was not privy to the extent to which a team might rely on a specific tool or service outsourced from a third party.
I recently decided to create a LinkedIn account to make my professional experience available for potential hiring, which explains my “open to work” tag. As I began exploring job opportunities aligned with my expertise in AI and data science, I noticed a significant trend. Most job advertisements from recruiters or HR departments seem to require candidates with high-profile titles, such as “AI Developer, AI Engineer, Data Scientist, Data Engineer, AI Researcher,” to possess a strong command of specific tools and frameworks from companies like Google, Microsoft, and Amazon. In a recent application for an AI Engineer position, I was shortlisted for a technical exam. Eager to understand the metrics and criteria for an AI Engineer, I was surprised to find that 75% of the questions focused on proficiency in certain tools and frameworks, such as TensorFlow and PyTorch. While there’s nothing inherently wrong with this, it seems that such standards for selecting candidates could lead to the type of consequences I’ve mentioned in the breaking news section.
The Perils of Depending Solely on the Knowledge of Others
When a company seeks to hire an accountant, it’s reasonable to expect proficiency in spreadsheet tools like MS Excel, Google Sheets, or Zoho Sheet, as the role typically involves executing tasks that don’t require creating or designing new financial formulas and metrics. Conversely, for a Chief Financial Officer (CFO) position, expertise in using spreadsheet tools may not necessarily indicate a deep understanding of finance and economics. Similarly, in IT management and computer science, when hiring an AI Engineer or Data Scientist, the primary consideration should be the candidate’s comprehensive knowledge of AI and underlying data principles. While proficiency in data and AI tools and frameworks is beneficial, it should not be the sole metric for determining the ideal candidate, in my view.
Based on my observations of job openings and opportunities in IT and Computer Science, I’ve noticed a rapidly emerging trend: mastery of AI tools, libraries, or frameworks like TensorFlow, PyTorch, Hugging Face, and OpenAI is often seen as qualifying one to be an AI engineer or developer. However, this is not the case unless there is a deep understanding of AI and data-driven solutions. True AI developers and engineers should be able to build tools, libraries, or frameworks from scratch, grounded in the abstract mathematical principles of AI algorithms. Realistically, we don’t need to reinvent the wheel; we should use existing tools and frameworks, but from a position of strength, being fully independent and capable of identifying any potential breaches and vulnerabilities.
Considering today’s incident, if it stemmed from an update to a tool installed on a customer’s endpoint, what would occur if an IT company’s entire business model, services, and products relied on a third-party tool, library, or framework, whether open-source or subscription-based, and an update to this tool was flawed? If the AI Engineer is merely a user of AI, the company may face severe consequences; however, if the AI Engineer is proficient, they can quickly mitigate and resolve the risk.
Conclusion
I hope the incident is resolved and that business operations return to normal without serious effects on individuals. Additionally, I trust that my conclusions and perspectives presented in this article clearly delineate the distinctions between an AI Developer and an AI Tools User, as well as between a Data Scientist and a Data Tools User. This message serves as an alert for job recruiters, HR departments, and IT managers and executives.
Leave a Reply