This article contains light spoilers for Yellowjackets season 3.As Yellowjackets third season winds down, the tension and conflict has only ratcheted up. Due to impulsive decisionmaking, to put it politely, from teen Lottie in episode 7, Croak, the minds behind Yellowjackets have put into motion pivotal and interweaving plot threads with major implications for the past and present timelines.During a promotional stop at SXSW Film & TV festival in Austin in early March, Den of Geek met the producers of Yellowjackets, Jonathan Lisco and Drew Comins, and series creators Ashley Lyle and Bart Nickerson inside of Paramount+s The Lodge experience, where the streamer created a nicely wooded photo opp area. No frogs or axes were present during our interview, but we were able to pick their brains about the evolution of their writing process, and how they approached some of the standout characters in season three.The creatives have different approaches when it comes to checking in with fans and engaging with specific fan theories, such as a major character death that was teased in season one. Lyle initially was intrigued by it after the shows buzzy start, but has almost entirely checked out of the discourse. Lisco referenced the feedback loop in television where they see the edits and we can see who is dimensionalizing their character more, which partially led to their decision to give the fans what they wanted: more Mari.Were really just interested in the dimensionality of the characters and people, Lyle says. This season, theyve started to really lose their minds. Theres this darkness that is potentially always hiding in the shadows.Dark, abrupt twists have become the calling card of season three but the team continues to be excited by finding ways to unlock the talented cast theyve assembled in new ways. The show has been balancing ominous themes with comedic relief like that of Warren Koles Jeff Sadecki or this seasons breakout in teenage Mari. Played by actress Alexa Barajas, Mari began the series as a secondary character in the first two seasons and has since grown to become a more prominent character this season.Alexa is a treasure, basically, she started out as a relatively secondary character on the show, Lisco says. And I think we decided that we could give her more, and we gave her more, and she just kept knocking out of the park. So we decided to take her on a real ride this season.Series co-creator Lyle expanded on how gratifying it is to find ways to grow the ensemble and find more screentime for characters who might have been sidelined in past seasons.We knew we couldnt have 12 main characters in a season, but we got very lucky that these secondary characters showed their talent and their abilities as actors. she says. [Maris] rise as a character is evidence of the shows success and increased comfortability in exploring the abilities and complexities of different characters and actors.Comedy has always been an important tool throughout the show, and during the writing process the creative team is always trying to blend the lines of humor, horror-leaning elements, and drama. People dont know what to do with shows that are like, Its a comedy but its a drama, its a horror show, says Lyle.The ability to flesh out the series secondary characters in some ways is linked to the runaway success of the show giving the creative team more latitude to take risks and experiment. For series co-creator Nickerson, the process is familiar, but its undeniable the circumstances have changed when it comes to tuning out the online noise around Yellowjackets and growing as a decision-making unit.Join our mailing listGet the best of Den of Geek delivered right to your inbox!I feel like, individually and collectively, were always sort of growing in ways we might not be able to fully comprehend, Nickerson says. You sort of like, move differently when the wind is at your back or ahead of you, or like, depending on how the circumstance shifts and changes.For Comins, the feedback and excitement is a motivational boon. I think the ability to be noisy and kind of incite that emotion, again, from people who are new to the hive of Yellowjackets and people whove been there since the beginning, he says. I think that, in of itself, is very exciting and very potent. And I think art is meant to generate discourse, right?

Tommy Callahan sucks as a salesman. So much so that midway through 1995s Tommy Boy, Tommy and his unwilling sales partner Richard take a break at a diner to drown their miseries in terrible food. Richard orders a shrimp cocktail, but when Tommy requests chicken wings, the waitress shuts him down because the kitchen is closed.What follows is an incredible combination of self-loathing and obnoxious ranting. Comparing himself to a circus boy who inadvertently smothers his beloved pet, and Lenny from Of Mice and Men, Tommy picks up a bread roll that he initially strokes, but soon enough is killing. And kill in this scene he does, with Tommy crushing the roll in his hand while screaming in equal measures of sorrow and terror.At the end of the bit, Tommy looks up at the waitress, his mussed hair and red face contrasting his simultaneous expressions of innocence and excitement. God, youre sick, the waitress chuckles, and proceeds to open the kitchen for his wings.That short bit serves as the turning point in Tommy Boy, the moment when Tommy and Richard finally click as a sales team and succeed enough to save the company. The bit, which was released into theaters 30 years ago, also captures the magic of Chris Farley as a comedian, a fantastic talent who was lost far too soon.A Friendly GiantBy his own admission, Farley wasnt the first energetic big man in Saturday Night Live history. Farley idolized the shows original maniac John Belushi, remembering fondly how his father would lose himself in laughter while watching Belushi perform. When Farley joined SNLs cast in 1990, he initially presented himself in the Belushi mold. Motivational speaker Matt Foley, which he and Bob Odenkirk created while they were both at Second City in Chicago, highlights the Belushi influence. In his introductory sketch, Matt terrorizes the suburban family who hires him, bellowing in their faces about his life in a van down by the river. The sketch ends with the family locking the doors and huddling in fear when Matt threatens to move in with them.Matt has plenty of the boiling rage that marked Odenkirks early work, long before he would snuggle his Little Women. But Farley plays it like the second coming of Belushis diner or samurai characters. Matts also one of Farleys signature characters. But he lacks the later quality that made Farley unique from Belushithat made Farley one of the most beloved actors in SNL history. He lacks Farleys innate sweetness.Later sketches would make use of Farleys guilelessness and Midwestern affability, most notably The Chris Farley Show, in which he shyly asked guests such as Martin Scorsese and Paul McCartney awkward and obvious questions. But no work captured Farleys mixture of manic energy and inherent kindness like Tommy Boy.Chaos Across the MidwestReleased in 1995 and directed by Peter Segal, Tommy Boy stars Farley as Tommy Callahan, scion of successful auto parts manufacturer Callahan Auto, based in Sandusky, Ohio. A party boy who skates by on his charm and family fortune, Tommy earns the ire of Richard (David Spade), who had to work hard to earn a top position at the company.When Tommys dad (Brian Dennehy) drops dead after marrying the duplicitous Beverley (Bo Derek), she and her con partner Paul (Rob Lowe) enact a plan to sell the Callahan company to an unscrupulous rival in Chicago. This would also in effect put most of the workers in Sandusky out of a job. To save the company, Tommy and Richard must therefore go on a tour of the Midwest, doing everything they can to sell Callahans revolutionary new brake pads and thwart Beverleys plan.As you might expect, that setup from screenwriters Bonnie and Terry Turner largely exists as a spine on which to graft comic set pieces. Each places Farleys outsized persona against Spades reserved snark. Thanks to that structure, Tommy Boy has plenty of space to show off all the varieties of Farleys approach.A simple example involves Tommy meeting Paul for the first time, introduced to our big-hearted protagonist as his new step-brother. I have a brother? Tommy asks with wonder. When Paul extends his hands, Tommy responds with affable rejection. Brothers dont shake hands, he gushes. Brothers gotta hug! He envelops Paul in a giant bear hug, dwarfing Lowe in the embrace.Join our mailing listGet the best of Den of Geek delivered right to your inbox!A later sequence finds Tommy bumbling as he attempts to fuel up Richards fancy car. After accidentally bending the door the wrong way, we watch through a window and over Spades shoulder as Farley struggles to push it back into place. With the same chaotic energy of classic physical comedians such as Roscoe Arbuckle and Buster Keaton, Farley throws himself at the door, bumbling back each time. But the kicker is the end of the bit when Richard returns to the vehicle, finding Tommy sitting inside and deliberately not looking at the now-shut car door.After taking a second to gently buff a tiny scratch on the door, Richard pulls the it open, only to have it come off in his hand. Taking one look at the horrified Richard, Tommy asks with exaggerated surprise, Whatd you do!?!Obviously, Tommy knows what he did and what Richard didnt do. But Farley channels his innate likability to sell the line, making it all the funnier.A Legacy of LaughterFarley made a few more movies before his untimely death in 1997 at the age of 33. And each of these movies have their charms, whether its teaming again with Spade for 1996s Black Sheep, going solo for 1997s Beverly Hills Ninja (1997), or swapping Spade for another uptight sidekick via Matthew Perry in Almost Heroes (1998).But none of them so perfectly suit Farleys comic sensibilities like Tommy Boy. Its in Tommy Boy, with its warm-hearted underdog story and space for big set pieces that remind us just how special Farley was.

iPhone farms banks of phones equipped with rotating temporary Apple IDs are being used to send more 100,000 scam iMessages per day, found security researchers.By using iMessages rather than texts, scammers can bypass spam and scam filters implemented by mobile carriers. Fraudsters dont even need any technical skills to carry out their attacks, as there are companies offering phishing-as-a-service (PhAAS) Unpaid toll fees, shipping fees, and more scamsCommon scams doing the rounds at present include fake demands for unpaid road toll fees; claims that shipping fees are needed to release valuable packages from Customs; and fictitious warnings about unpaid taxes.These scams are commonly carried out via email and text message, and theres a constant cat-and-mouse game between criminals and ISPs and mobile carriers seeking to detect suspicious text and links in order to block them.iPhone farms sending scam iMessagesHowever, researchers at cybersecurity firm Catalyst have found that scammers are now turning to iMessage. Because these messages are encrypted, with networks unable to see the contents, they cannot be detected and blocked.What makes things worse is they found a Chinese platform offering the use of their iPhone farms to anyone willing to pay.Lucid is a sophisticated Phishing-as-a-Service (PhAAS) platform operated by Chinese-speaking threat actors, targeting 169 entities across 88 countries globally []Its scalable, subscription-based model enables cybercriminals to conduct large-scale phishing campaigns to harvest credit card details for financial fraud [] To enhance effectiveness, Lucid leverages Apple iMessage and Androids RCS technology, bypassing traditional SMS spam filters and significantly increasing delivery and success rates.The group behind Lucid even includes templates scammers can use to create convincing-looking replicas of websites for companies like courier services. The XinXin group, known for developing Lucid and other PhAAS platforms, has been observed selling phishing templates designed to impersonate postal services, courier companies, road toll systems, and tax refund agencies.Catalyst includes a low-quality photo (above) of one of these iPhone farms in use.A Telegram group used to sell these PhAAS attacks has more than 2,000 members.How to protect yourselfThe main safeguard against phishing attacks is toneverclick on links sent in emails. Always use your own bookmarks, or type in a known URL.Its easy to make an email or message look like it originated from a legitimate company, so dont trust apparently-known senders. Be especially suspicious of messages urging you to act quickly to avoid fines or see packages returned to their senders.Highlighted accessoriesVia Macworld. Photo via Catalyst on background by Uriel SConUnsplash.Add 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Includes 5G Ultrawideband, which can be super-fast but is only available in very limited areasVerizon-owned Visible seems to be offering a much better unlimited mobile data deal than its parent company. The new Visible+ Pro plan includes 5G Ultrawideband, unlimited hotspot usage, 4K video streaming, cellular service for one Apple Watch and claims to have no throttling.The cost of the plan is $45 per month, which is $20 cheaper than Verizons own Unlimited Welcome Heres what Visible says about the new plan:Unlimited talk, text & dataNever worry about overages or hidden fees with all the minutes, messages and gigabytes you need. Includes unlimited calls & texting from the US to Puerto Rico, the US Virgin Islands, Guam and Saipan.With unlimited 5G, get reliable 5G performance. All plans include 5G and 4G LTE network access and unlimited data, talk, text and hotspot.5G Ultra WidebandVisible+ Pro gives you unlimited premium data on Verizons 5G Ultra Wideband network, the fastest 5G network access we offer.UHD VideoStream all your favorite media with up to 4K UHD quality video.Smartwatch service includedGet Apple Watch service included in your plan at no additional cost (normally $10/mo)3x faster unlimited mobile hotspotYour smartphone becomes a Wi-Fi connection for devices like tablets, laptops, and more. Visible+ Pro includes mobile hotspot with unlimited data at speeds up to 15 Mbps (3x faster than our Visible plan).There are also a number of international features, including unlimited talk and text to Mexico and Canada, as well as up to 24 days a year of overseas use.The Verge notes that the plan is a significantly better deal than you can get direct from Verizon, yet seems to equal or better the quality of coverage.Its common for carriers to claim unlimited data in the headline and then include data throttling for high-usage customers in the small-print, but this doesnt seem to be the case here, so itll be interesting to see whether any catches emerge.Highlighted accessoriesPhoto byFrederik LipfertonUnsplashAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Apr 02, 2025The Hacker NewsCompliance / Data ProtectionIntroductionAs the cybersecurity landscape evolves, service providers play an increasingly vital role in safeguarding sensitive data and maintaining compliance with industry regulations. The National Institute of Standards and Technology (NIST) offers a comprehensive set of frameworks that provide a clear path to achieving robust cybersecurity practices.For service providers, adhering to NIST standards is a strategic business decision. Compliance not only protects client data but also enhances credibility, streamlines incident response, and provides a competitive edge. The step-by-step guide is designed to help service providers understand and implement NIST compliance for their clients. By following the guide, you will:Understand the importance of NIST compliance and how it impacts service providers.Learn about key NIST frameworks, including NIST Cybersecurity Framework (CSF 2.0), NIST 800-53, and NIST 800-171.Follow a structured compliance roadmapfrom conducting a gap analysis to implementing security controls and monitoring risks.Learn how to overcome common compliance challenges using best practices and automation tools.Ensure long-term compliance and security maturity, strengthening trust with clients and enhancing market competitiveness.What is NIST Compliance and Why Does it Matter for Service Providers?NIST compliance involves aligning an organization's cybersecurity policies, processes, and controls with standards set by the National Institute of Standards and Technology. These standards help organizations manage cybersecurity risks effectively by providing a structured approach to data protection, risk assessment, and incident response.For service providers, achieving NIST compliance means:Enhanced security: Improved ability to identify, assess, and mitigate cybersecurity risks.Regulatory compliance: Alignment with industry standards such as HIPAA, PCI-DSS, and CMMC.Market differentiation: Establishes trust with clients, positioning providers as reliable security partners.Efficient incident response: Ensures a structured process for managing security incidents.Operational efficiency: Simplifies compliance with clear frameworks and automation tools.Who Needs NIST Compliance?NIST compliance is essential for various industries, including:Government Contractors Required for compliance with CMMC and NIST 800-171 to protect Controlled Unclassified Information (CUI).Healthcare Organizations Supports HIPAA compliance and protects patient data.Financial Services Ensures data security and fraud prevention.Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) Helps secure client environments and meet contractual security requirements.Technology & Cloud Service Providers Enhances cloud security practices and aligns with federal cybersecurity initiatives.Key NIST Frameworks for ComplianceNIST offers multiple cybersecurity frameworks, but the most relevant for service providers include:NIST Cybersecurity Framework (CSF 2.0): A flexible, risk-based framework designed for businesses of all sizes and industries. It consists of six core functionsIdentify, Protect, Detect, Respond, Recover, and Governto help organizations strengthen their security posture.NIST 800-53: A comprehensive set of security and privacy controls designed for federal agencies and contractors. Many private-sector organizations also adopt these controls to standardize cybersecurity measures.NIST 800-171: Focused on protecting Controlled Unclassified Information (CUI) in non-federal systems, particularly for companies that work with the Department of Defense (DoD) and other government agencies.Common Challenges in Achieving NIST Compliance for Clients and How to Overcome ThemHere are some common challenges service providers encounter when working to achieve NIST compliance and strategies to overcome them:Incomplete Asset Inventory: An incomplete asset inventory is a common challenge due to the sheer number of assets organizations manage. To overcome this, many organizations rely on automated tools and routine audits to ensure all IT assets are accurately accounted for.Limited Budgets: Limited budgets are a frequent obstacle for many organizations, making it essential to focus on high-impact controls, leverage open-source tools, and automate compliance tasks to manage costs effectively.Third-Party Risks: Third-party risks pose significant challenges for organizations that rely on external vendors. To address this, many organizations conduct vendor assessments, include NIST-aligned clauses in contracts, and perform regular audits to ensure compliance.Addressing these challenges proactively helps streamline compliance, enhance security, and reduce risks.Step-by-Step Guide to Achieving NIST ComplianceAs mentioned above, achieving NIST compliance for clients presents numerous challenges for service providers, making the process complex and daunting. In fact, 93% of service providers struggle to navigate cybersecurity frameworks like NIST or ISO, and a staggering 98% report feeling overwhelmed by compliance requirements, with only 2% expressing confidence in their approach. However, by adopting a step-by-step method, service providers can simplify the process, making compliance more manageable and accessible for MSPs and MSSPs. The main steps for achieving NIST Compliance are:Conduct a Gap AnalysisDevelop Security Policies and ProceduresConduct a Comprehensive Risk AssessmentImplement Security ControlsDocument Compliance EffortsConduct Regular Audits and AssessmentsContinuous Monitoring and ImprovementExplore our comprehensive guide for a detailed approach to achieving NIST compliance.The Role of Automation in NIST ComplianceAligning with NIST guidelines enables MSPs and MSSPs to operate more efficiently by providing a clear and standardized framework, eliminating the need to create new processes for each client. Integrating automation tools like Cynomi's platform further enhances efficiency by streamlining risk assessments, monitoring security controls, and generating compliance reports with minimal manual effort. This approach saves time by automating risk assessments and compliance documentation, improves accuracy by reducing human error in compliance tracking, and simplifies audits with pre-built reports and templates. Cynomi's platform is particularly effective, automating risk identification, scoring, and compliance documentation while reducing manual work by up to 70%.ConclusionAchieving NIST compliance is a vital step for service providers aiming to protect client data, enhance security posture, and build lasting trust. A structured approach - combined with automated tools - makes it easier to manage compliance efficiently and proactively. By adopting NIST frameworks, service providers can not only meet regulatory requirements but also gain a competitive advantage in the cybersecurity market.For a detailed look at how to achieve NIST compliance, explore our comprehensive guide here.Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Cybersecurity researchers have shed light on an "auto-propagating" cryptocurrency mining botnet called Outlaw (aka Dota) that's known for targeting SSH servers with weak credentials."Outlaw is a Linux malware that relies on SSH brute-force attacks, cryptocurrency mining, and worm-like propagation to infect and maintain control over systems," Elastic Security Labs said in a new analysis published Tuesday.Outlaw is also the name given to the threat actors behind the malware. It's believed to be of Romanian origin. Other hacking groups dominating the cryptojacking landscape include 8220, Keksec (aka Kek Security), Kinsing, and TeamTNT.Active since at least late 2018, the hacking crew has brute-forced SSH servers, abusing the foothold to conduct reconnaissance and maintain persistence on the compromised hosts by adding their own SSH keys to the "authorized_keys" file.The attackers are also known to incorporate a multi-stage infection process that involves using a dropper shell script ("tddwrt7s.sh") to download an archive file ("dota3.tar.gz"), which is then unpacked to launch the miner while also taking steps to remove traces of past compromises and kill both the competition and their own previous miners.A notable feature of the malware is an initial access component (aka BLITZ) that allows for self-propagation of the malware in a botnet-like fashion by scanning for vulnerable systems running an SSH service. The brute-force module is configured to fetch a target list from an SSH command-and-control (C2) server to further perpetuate the cycle.Some iterations of the attacks have also resorted to exploiting Linux- and Unix-based operating systems susceptible to CVE-2016-8655 and CVE-2016-5195 (aka Dirty COW), as well as attack systems with weak Telnet credentials. Upon gaining initial access, the malware deploys SHELLBOT for remote control via a C2 server using an IRC channel.SHELLBOT, for its part, enables the execution of arbitrary shell commands, downloads and runs additional payloads, launches DDoS attacks, steals credentials, and exfiltrates sensitive information.As part of its mining process, it determines the CPU of the infected system and enables hugepages for all CPU cores to increase memory access efficiency. The malware also makes use of a binary called kswap01 to ensure persistent communications with the threat actor's infrastructure."Outlaw remains active despite using basic techniques like SSH brute-forcing, SSH key manipulation, and cron-based persistence," Elastic said. "The malware deploys modified XMRig miners, leverages IRC for C2, and includes publicly available scripts for persistence and defense evasion."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

John Edwards, Technology Journalist & AuthorApril 2, 20255 Min ReadYuri Arcurs via Alamy Stock PhotoWhen it comes to business and technology tasks, many IT leaders believe they can do anything. While this may be generally true, it also opens a potential trapdoor. Actually, no leader can work effectively and efficiently without delegating specific tasks to qualified team members. Over time, failing to offload routine tasks to subordinates will prevent the leader from focusing on other, critical priorities.Even when an IT leader recognizes the need to delegate tasks, failing to provide sufficient guidance can lead to delays, warns Pavlo Tkhir, CTO at digital transformation company Euristiq, in an email interview. This includes failing to set deadlines, task priorities, and project goals. "It causes confusion, which slows down the process and kills motivation," he explains.Failure to CommunicateClear communication is essential, says John Kreul, CIO at insurance firm Jewelers Mutual. He advises IT leaders to spend time with team members in small group meetings, one-on-ones, and town halls to build trust and confidence. "The goal is to create an environment where the leader can listen to feedback, take and answer questions, and, ultimately, drive clarity and transparency," Kreul states in an online interview.If goals aren't effectively communicated, team members will be prone to making incorrect assumptions. This can lead to trouble when the leader realizes that project outcomes aren't aligning with broader enterprise objectives. "It obviously causes delays, because the team will need more time to figure out what they need to do," Tkhir says. "On top of that, it can really undermine your authority as a leader and damage overall team dynamics due to lost trust."Related:Customer-CentricityA major mistake many IT leaders make is failing to develop an Agile customer-centricity plan, whether it's for internal or external customers. "It's the starting point and the North Star when there's a question about direction or next steps," says executive team coach Keith Ferrazzi, via email.Theres a difference between what's urgent, whats important, and what's both, Ferrazzi says. "Being able to focus attention on the most pressing and high-value tasks that make up a sprint -- a practice of breaking-down complex projects into smaller, simpler sprints of work -- is essential." This is the key attribute in the most successful Agile teams.Intelligent DelegationThe ultimate goal should be seeing team members self-assign tasks, identify potential roadblocks, and allocate support, Ferrazzi says. He also believes that IT leaders should allow their teams to hold fellow team members accountable. "In this way, the team adopts 'teamship,' with a contract of peer-to-peer accountability."Related:Without driving individual and team connectivity, and getting close to what's happening, it's impossible to understand how the team really feels, Kreul says. Actively listen, assess how well team members understand current priorities, provide feedback and, finally, self-reflect on your performance as a leader, he advises. "The ultimate harm is low employee engagement, which leads to poor customer experiences, inconsistent execution, and regrettable turnover."All AboardLogical task delegation is essential. "You should provide context on tasks by outlining the 'why' of it and articulating main requirements and goals," Tkhir says. "You need to set clear deadlines and expectations, including key metrics." It's also important to create a check-ins schedule throughout the task completion period, allowing team members to know when they will have an opportunity to have their questions addressed.A leader should set guardrails yet allow the team to own their tasks and drive execution. "Empowerment will drive ownership and foster a curiosity to learn versus being told what to do," Kreul says. "Task ownership will allow personal and team growth through learning by doing -- critical experiences for growth."Related:An effective way to ensure successful task delegation is to encourage feedback and rapidly act on necessary changes or improvements. A post-task analysis can also help team members feel engaged. "Run a review session, where the team can share their perspectives on how the project went in terms of task delegation and completion," Tkhir says. "This is also a good way to facilitate open communication within your team or company."Ferrazzi says that IT leaders shouldn't micromanage Agile teams, but ask strategic and reflective questions at review points, such as: What did we achieve in the last two weeks? Where did we struggle and why? What will we achieve in the next two weeks?Parting ThoughtsLet go of the perceived need to control -- trusting your people is often hard, but it will lead to engaged and empowered teams, Kreul says. "Recognize and put your people first," he advises. "Recognition reinforces the value of your teams work and motivates future contributions."About the AuthorJohn EdwardsTechnology Journalist & AuthorJohn Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic Design. He has also written columns for The Economist's Business Intelligence Unit and PricewaterhouseCoopers' Communications Direct. John has authored several books on business technology topics. His work began appearing online as early as 1983. Throughout the 1980s and 90s, he wrote daily news and feature articles for both the CompuServe and Prodigy online services. His "Behind the Screens" commentaries made him the world's first known professional blogger.See more from John EdwardsWebinarsMore WebinarsReportsMore ReportsNever Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.SIGN-UPYou May Also Like

Vendor relationships have been changing over the years, with more vendor organizations becoming consultative in nature. For decades companies have been adding a service arm to expand their share of wallet, a KPI that doesnt necessarily benefit customers. The ultimate test of a vendors value is the business value realized as the result of the partnership.Vendor relationships are more important than ever before, says AJ Thompson, chief commercial officer at IT consultancy any Northdoor. With technology solutions now so complex and constantly changing, he says you can't underestimate how important solid relationships between organizations and vendors have become. This is true in several ways. Tech is getting more complicated by the day, so vendors who really know their stuff are worth their weight in gold. They share knowledge and provide the support you just can't get elsewhere.One of the big benefits of a strong vendor relationship is that enterprises get early access to new technologies and features, which helps chief information officers stay current. Its also important to have trustworthy vendors that maintain decent security and compliance amid increasingly complex regulatory landscapes.When youve found good relationships, you end up with solutions that actually fit your needs and more wiggle room during implementation, says Thompson. Plus, when things go wrong -- and they always do -- problems get sorted much faster when you're on good terms.Related:Trust is the necessary foundation, which is built through open communication, solid performance, relevant experience, and proper security credentials and practices. [P]eople buy from people they trust, no matter how digital everything becomes, says Thompson. That human connection remains crucial, especially in tech where you're often making huge investments in mission-critical systems.For example, when Northdoor was implementing a complex solution for a client with an extremely tight deadline and hit a snag, its primary vendor's account manager brought in the senior engineering team within hours to resolve the issue.[That account manager] knew our business well enough to understand the stakes and trusted us when we emphasized the urgency, says Thompson. That kind of responsiveness simply doesn't happen with transactional vendor relationships. In fact, the client later mentioned that watching how our vendor partner responded during that crisis gave them more confidence in our overall solution than any sales presentation could have.Related:AJ Thompson, NorthdoorThats why Thompson invests significant time in regular face-to-face meetings with Northdoors key vendors discussing products and roadmaps and the people behind them.Vendors who don't hide their limitations and are upfront about their capabilities tend to earn trust quickly. Meeting SLAs consistently matters enormously, says Thompson.Those who [understand] the specific challenges of your industry are gold dust, particularly in IT and cybersecurity where proper security practices and the right certifications make all the difference to confidence levels.Ashish Malhotra, president at management advisory firm Ampalyst Advisors, says selecting a vendor and executing a professional services agreement is relatively straightforward, but getting it wrong is prohibitively expensive.In todays dynamic technology landscape, vendor selection is more critical than ever, says Malhotra. As companies increasingly favor a buy over build approach, choosing the right vendors becomes paramount.Vendors can provide significant value in several ways, such as providing access to global talent and ecosystems, having the flexibility to scale resources up or down as needed, and shifting human capital from fixed to variable costs.Related:Vendors can also help their customers address in-house skills gaps and reduce managerial overhead costs. Importantly, customers can benefit from the industry expertise gained from multiple client engagements and innovative problem-solving approaches while ensuring adherence to proven methodologies and upskilling internal staff in emerging technologies. However, most important of all is trust.Trust is fundamental in partnerships, but in customer-vendor relationships, it must be paired with verification. Third-party governance is a critical function that should remain independent of the outsourcing arrangement, says Malhotra. Yet, many organizations make the mistake of allowing vendors to self-govern through dashboards, report cards, and operational meetings leading to weakened oversight.An executive-level technology governance framework helps ensure effective vendor oversight. According to Malhotra, it should consist of five key components, including business relationship management, enterprise technology investment, transformation governance, value capture and having the right culture and change management in place.Beneath the technology governance framework is active vendor governance, which institutionalizes oversight across ten critical areas including performance management, financial management, relationship management, risk management, and issues and escalations. Other considerations include work order management, resource management, contract and compliance, having a balanced scorecard across vendors and principled spend and innovation.Vendors that excel in these areas build greater trust, says Malhotra. Trust is not an abstract concept -- it is measurable through quantifiable performance indicators.Igor Epshteyn, president and CEO at digital product engineering company Coherent Solutions, believes as AI, cybersecurity, and compliance requirements are growing more complex, cooperating with a trusted vendor means having a partner who can provide up-to-date solutions.For businesses cooperating with IT vendors, it is crucial to choose digital engineering partners who have a proven track record and recommendations and, importantly, can guarantee strong cybersecurity measures, says Epshteyn.The Biggest Mistakes Vendors MakeOne of the biggest mistake vendors make is failing to drive tangible value for customers. Instead, the relationship is more transactional in nature, with the goal of upselling and cross selling products or solutions regardless of how the implementation will likely playout in the long term.Over-promising and under-delivering, poor communication, being stuck in their ways or vanishing after the sale absolutely kill trust and damage relationships beyond repair, says Northdoors Thompson. Vendors who refuse to adapt to changing needs are a write-off, and those who focus too much on closing deals rather than providing ongoing support won't keep clients for long.Ampalysts Mahotra says one of the biggest mistakes vendors make is bundling their services into rigid, all-inclusive packages that customers cannot easily modify. This includes offering a 2% innovation credit that customers do not know how to utilize, embedding proprietary portals and tools that cannot be decoupled if the customer terminates the contract and structuring contracts that lock customers in rather than fostering loyalty through performance.Ashish Malhotra, Ampalyst AdvisorsWhile [bundled services] are marketed as value-adds, they often function as exit constraints. As customers mature in their procurement strategies, they prefer vendors who win future business through high net promoter scores and strong performance -- not those who rely on contractual entrapment, says Malhotra. He says that while customers must ensure vendors are not earning excessive margins, sustainable partnerships require vendors to maintain healthy profitability. A well-structured engagement should be mutually beneficial rather than a race to the lowest cost.Coherent Solutions Epshteyn says missteps in communication, unresponsiveness, and overpromising are quite common.Clients should receive regular feedback, and their issues should be addressed as soon as possible by a dedicated account manager, says Epshteyn. Vendors who aim to build long-term and trustworthy partnerships should make sure they deliver on their promises, set clear deadlines, and are transparent about challenges and changes.How CIOs Should Approach Vendor RelationshipsNorthdoors Thompson says CIOs should do their homework on both a vendors technical capabilities and how they treat their customers.Set clear expectations and measurable KPIs from day one so everyone's on the same page. Schedule regular reviews to keep things on track and nip problems in the bud, says Thompson. Try to create genuine partnerships rather than just transactions. Where appropriate, get vendors involved in strategic discussions [because] it leads to much better outcomes. And finally, put real time and effort into nurturing key vendor relationships. Theyre strategic assets that pay off tremendously.Ampalysts Malhotra says vendor selection should involve both threshold and comparative criteria. The threshold criteria are binary conditions that vendors must meet to be considered. Missing any of them should preclude a vendor from further evaluation. These criteria may involve environmental factors like political and social stability where the vendor operates, legal protections including robust regulatory frameworks and IP security, and company-specific requirements such as minimum revenue size, relevant domain expertise, compliance with industry regulations and talent availability.Once vendors meet the threshold criteria, they should be assessed using a ratings-based approach that considers the infrastructure and technology ecosystem, depth of talent and expertise, cost structure, and financial viability. Other important considerations include the labor pool size, literacy rates, and access to educational institutions as well as language and communication proficiency.Vendor selection is just the first step, says Malhotra. Managing these relationships is the companys responsibility and cannot be outsourced. This is where technology governance and third-party governance become essential in sustaining long-term, value-driven partnerships.As the tech landscape continues to evolve, strong vendor relationships become a critical differentiator.[Strong vendor relationships] not only help in navigating complex technological challenges but also drive innovation and create strategic value, saysThompson. By focusing on transparency, performance, and mutual growth, organizations can cultivate vendor relationships that significantly contribute to their success in the digital era."

Third round of public consultation includes revised outline for up to 3,800 additional homes, as well as proposals for commercial space, community facilities and landscapeShared gardenSource: Eddington / Hawkins\BrownNeighbourhood streetSource: Eddington / Hawkins\BrownThe commonSource: Eddington / Hawkins\Brown1/3show captionThe University of Cambridge has launched the third round of public consultation on the future phases of its Eddington development, unveiling updated plans that could see up to 3,800 new homes delivered in North West Cambridge.The revised proposals form part of an outline planning application expected later this year and follow two earlier rounds of consultation held in September and December 2024. The updated masterplan includes reworked strategies for land use, access, building height and public realm.If approved, Hawkins\Browns plans would bring the total number of homes at Eddington to approximately 5,650, including the 1,850 homes already delivered or under construction in the first phase.According to the university, the scheme seeks to address long-term demand for housing among key workers and post-graduate students. Up to 50% of the homes in future phases are intended for university-affiliated staff.Source: Eddington / Hawkins\BrownCommunity laneThe proposed density for the future phases is 108 homes per hectare, compared with 90 homes per hectare in phase one. Residential buildings will range from two to six storeys, with some landmark structures reaching up to eight storeys.The tallest buildings are planned for the central parts of the development, while building heights will taper towards the site edges. Rooflines will vary to create a mix of architectural forms.In total, over 50 hectares of open space are proposed, with new landscaped areas including meadows, woodland, sports pitches and shared gardens. One section, named Brook Leys, will act as a buffer along the M11, incorporating walking and cycling routes, a 5km running route, and noise attenuation measures.The university states that 79% of existing trips to and from Eddington are already made using walking, cycling or public transport, and it seeks to maintain this level by extending active travel routes across the expanded site.Internal roads will be designed for 20mph travel speeds, and car parking will remain limited for key worker housing, with an emphasis on shared transport options and electric vehicle charging for market homes.Source: Eddington / Hawkins\BrownWestern edgeThe updated masterplan also includes 100,000sq m of employment space intended to accommodate office, mid-tech and University research facilities. It makes provision for a new nursery and designates space for community growing plots.Additional sports and recreation facilities are proposed, including a 3G pitch and BMX tracks. Plans also include healthcare infrastructure, with the fit-out of a new health centre expected to be completed by 2026.The university says the proposals reflect stakeholder input from the first two consultation rounds. A staff housing survey conducted last year found that more than 88% of post-doctoral researchers struggled to find suitable accommodation in the city, with nearly three quarters expressing interest in living at Eddington.Matt Johnson, head of development for North West Cambridge, said: At this third public consultation, were looking forward to showing how we have developed our masterplan by taking onboard the feedback we have received in the first and second rounds last year.The consultant team includes Grant Associates as landscape architect, Quod as planning consultant, and Max Fordham as sustainability consultant.A drop-in event will take place at the Storeys Field Centre in Eddington tomorrow from 15:00 to 19:00. The University is expected to submit its outline planning application later in 2025.

Brief asked for teams to propose ways to ensure quality in governments 1.5 million homes targetElephant in the City - Morris+Company, Hub, Stantec_Hydrock, Studio Knight Stokoe Permitted Development +Ash Sakula with Human Nature One House, Two Homes... make a neighbourhoodRCKa Beta Boroughs - How Could Better Data Help Us Beat the Housing Crisis_A IS FOR ARCHITECTURE, WSP, Spacehub F.U.N.N.E.LElephant in the City - Morris+Company, Hub, Stantec_Hydrock, Studio Knight Stokoe Permitted Development +James Waddington with Nathaniel Welham and WSP The Rail Belt1/6show captionThe longlist for this years Davidson Prize has been announced, featuring teams led by Morris & Co, Ash Sakula and rCKA.The fifth annual competition, which is run by the Alan Davidson Foundation, has asked for innovative solutions to the UKs housing crisis and fresh approaches for how to use land.Proposals to build on railway lands, high street infills, new concepts for brownfield regeneration and innovative models for housing in protected rural landscapes are among 16 longlisted entries.The projects were selected by a panel chaired by architect and planner Pooja Agrawal of Public Practice and comprising urban designer and researcher Akil Scafe-Smith of Resolve Collective, developer Jonathan Falkingham of Urban Splash, architect Jonny Buckland of Studio Saar and journalist Lucy Watson of the Financial Times.This years brief invited multidisciplinary teams including architects to address issues arising from the UK governments ambitious target of building 1.5 million homes over the next five years.It asks where these homes could be built and how quality as well as quantity can be ensured as part of a set of policies which have loosened planning rules and established mandatory housing targets for local authorities.The panel said the longlist was underpinned by some radical ideas around the policies, finance and funding systems of housebuilding, including concepts for combating urban sprawl through densification and infill solutions, new housing typologies, and innovative retrofit solutions.Agrawal, chief executive of Public Practice, said: One of the great things about The Davidson Prize is the way it brings together multidisciplinary teams. For me thats not just about bringing together different professional skill sets, but also peoples lived experiences. After all housing is about peoples homesThe range of proposals we assessed were varied, tackling finance, typologies and planning. There were so many interesting ideas to learn from and collectively they provided a vision for what the future of housing in the UK could look like.The longlisted and finalist projects will be showcased during the London Festival of Architecture on 10 June2025 at Heatherwick Studios London headquarters, Making House in Kings Cross, when the winner of the 10,000 Davidson Prize will be announced.The winning team will also receive a week of Hayes Davidsons support to help them engage key decision makers in UK housing with their concept, to take it further and help them realise their ideas.The public is invited to vote for its favourite project from the longlist here until 28 April 2025 at 18:00 GMT. The Peoples Choice winner will be announced during the award ceremony in June.The 2025 Davidson Prize longlist:A IS FOR ARCHITECTURE, WSP, Spacehub - F.U.N.N.E.LAOMD, Edit, Periscope, Dion Barrett, Ruth Lang - Hardworking LandscapesAsh Sakula with Human Nature - 1 House, 2 Homes make a neighbourhoodCARD Projects, PATCH Collective, and System of Systems - WearWorkClifton Emery Design, Nudge Community Builders, Millfields Trust, Plymouth Energy Community, Devon and Cornwall Planning Consultants - 300 Homes within a Union Street Miledaab Design Architects, HomeGrown Plus, Expedition Engineering, Robert Bird Group, ThirdRevolution Projects, Atelier Crescendo - Between the Lines - Living with IndustryElephant in the City Morris+Company, Hub, Stantec / Hydrock, Studio Knight Stokoe - PermittedDevelopment +FLOC, MAZi, Hyem, Stef Leach, Broaden, Thurston Illustration, SHED, Artis, Henna Asikainen - Positive Disturbance Realising Brownfield PotentialHarper Perry, Urban Design Works and Studio Mint with North East Combined Authority and NEXUSTyne and Wear Metro - MetrolandJames Waddington with Nathaniel Welham and WSP - The Rail BeltRCKa - Beta Boroughs How Could Better Data Help Us Beat the Housing Crisis?Studio Woodroffe Papa Ltd, Lawrence Barth, Almitra Roosevelt and Anagha Othalur of AA Housing And Urbanism, Whitby Wood, XCO2 - Kommuna PalaceThe Place Bureau - Forever Island A New Model for Young IslandersUniversity of West England Students - Growing PlacesWilliam Burgess & Oliver Burgess - Living in the LandscapeA community for all agesYolande Barnes Consulting & Space Syntax - RUN!