Featured Issues

Top 4 tricks for competing on Kaggle and why you should start If you aren't familiar with Kaggle, you should be. Hear why from two expert Kagglers in this article.  Kaggle is the world's biggest data science competition platform, and it has huge relevance to real-world data science. Competing on Kaggle means staying on top of the state of the art.  On Kaggle, you'll also meet and get the chance to team up with data scientists, data enthusiasts, and field specialists from across the globe, learning from an amazing community as you go. Consistently participating in Kaggle competitions is a card you can play smartly to show interest and passion in your data science job search. It’s also very useful for improving some specific skills that can differentiate you as a data scientist and not make you obsolete in front of AutoML solutions. And it's about far more than just the competitions – the resources available to you on Kaggle are second-to-none: Notebooks full of example code from experienced competitors that you can run with free Kaggle compute Datasets for you to explore to your heart's content Discussion forums filled with valuable back and forth  After playing with data and models on Kaggle for a while, you’ll have had the chance to see enough different datasets, problems, and ways to deal with them under time pressure that when faced with similar problems in real settings, you’ll be skilled in finding solutions quickly and effectively.  Hear from the experts Luca Massaron and Konrad Banachewicz are two Kaggle Grandmasters who have competed for over 20 collective years in 330 competitions. Here they are:  And here's how they got into Kaggle way back when: Konrad: "I started 12 years ago when I was working at a bank. At that time, R was the primary tool used in financial modeling and, one day, searching for some mundane detail of a random forest implementation, I found a script that did exactly what I needed – on Kaggle. That caught my attention, so I created an account and started looking around. My early exploits were not exactly my finest work ever ;-) but thanks to the fantastic culture of sharing I had a chance to learn from the best: how to do exploratory analysis, set up a validation scheme properly, handle missing values – all the things I wish the university statistics curriculum included. Before I knew it, Kaggle competitions became a regular component of my intellectual workout routine." Luca: "I found Kaggle just by chance 10 years ago. Reluctant to start, I finally got into a competition because it was dealing with psychometrics and NLP, my interests at the time. I immediately learned the hard reality of not properly cross-validating and got how Kaggle could have been important for me to develop my career. I never stopped since then; even when I do not have time and resources to participate in a competition in full, I still start it and give it a try because there is something new that I can learn in every competition. In competitions I ended up at the 7th position in the worldwide rankings. At the moment, I’m a 1xGrandmaster and 2xMaster." Tell me how I can be a better competitor! Luca and Konrad know better than anyone that it's easy to get discouraged on Kaggle, especially when you're just starting out and everything seems overwhelming. That's why in their new book, The Kaggle Book (https://amzn.to/3K57Wdn), they have collected all the wisdom they've built up over their long Kaggle journeys into a guide for anyone looking to get the most out of the platform. There’s even a foreword from the Kaggle Founder & CEO himself, Anthony Goldbloom.  Below are 4 suggestions, all snippets taken from the book, for getting the best out of Kaggle: 1. Design a good validation scheme "Having a proper validation strategy is the great discriminator between successful Kaggle competitors and those who just overfit the leaderboard and end up in lower-than-expected rankings after a competition."  The book dedicates a chapter to explaining designing good validation in the detail it deserves.  2. Understand the competition metric "You cannot escape the fact that the basic principle at the core of both real-world projects and Kaggle competitions is the same. Your work will be evaluated according to some criteria, and understanding the details of such criteria, optimizing the fit of your model in a smart way, or selecting its parameters according to the criteria, will bring you success. If you can learn more about how model evaluation occurs in Kaggle, your real-world data science job will also benefit from it." Chapter 5, Competition Tasks and Metrics, tackles how to deal with all the common metrics you'll see in ML tasks, as well as never-before-seen metrics that have only shown up in Kaggle competitions. 3. Build simple baselines, then iterate quickly In the book, Luca and Konrad interview over 30 Kaggle Grandmasters and Masters about their time on Kaggle, and there are clear common threads in their answers. One is the importance of keeping things simple. In Grandmaster Giuliano Janson's words: "One of the lessons learned that I always share with people new to ML is to “never get over-enamored with overly complex ideas.” When facing a new complex problem, it is easy to be tempted to build complex solutions. Complex solutions usually require time to develop. But the main issue is that complex solutions are often of marginal value, conditional on robust baselines. [...] My advice is to stick to Occam’s razor and try easy things before being tempted by more complex approaches." 4. Don't go it alone! "Teaming has its own advantages because it can multiply efforts to find a better solution. A team can spend more time on the problem together and different skills can be of great help; not all data scientists will have the same skills or the same level of skill when it comes to different models and data manipulation." Many Kagglers have met future friends, colleagues, and employers as a result of their time on the site – whether that's through directly interacting with them on the platform, competing with them, or participating in networking events like Kaggle Days. Kaggle's competition rules also favor teams over solo competitors, in terms of how points are distributed. *** For more insights like these, as well as sample code, end-to-end pipelines, and competition analysis, The Kaggle Book is available on Amazon at the following link: https://amzn.to/3K57Wdn   

Learning about risk, CISA, and stepping upLast chance! It's nearly here!We're into our final week before we host a range of big names in the business talking about what they know best - practical security in the age of AI. Drawing on a wealth of experience, they have plenty to share and will join myself for a day of insights, explorations, and, most importantly for you, discussions that build and rebuild our understanding of the landscape in these new, particular challenges.As a thank you for your continued subscription and engagement, we've even managed to get a code especially for you, my reader: by using SECPRO60, you get 30% and can book your tickets without breaking the bank. What more could you ask for?Check out the link below and clear out your calendar for next Saturday!Check it out on Eventbrite!#214: Risky BusinessLearning about risk, CISA, and stepping upWelcome to another_secpro!In cybersecurity, there's no such thing as standing still. While standing still might mean "going with the flow" in ordinary life, it means the very opposite when it comes to jousting with the adversary - indeed, standing still means "letting the flow go past you"! That's why we in the _secpro team are always pushing ourselves and pushing our readers to pick up ideas, develop skills, and stay above water in the rushing waves of "the flow"!That's why this week we are beginning a four-part series that looks into the deeds and needs of a CISA-trained professional - and, more importantly, how you can get to that plateau too. With the help of Hemang Doshi's fantastic book, we're taking the necessary steps to move from IT generalist or junior secpro into the higher echelons of auditing. Sound good? Check out this week's excerpt: Risk-Based Audit Planning.Check out _secpro premiumIf you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!Cheers!Austin MillerEditor-in-ChiefHere's a little meme to keep you going...Source: RedditThis week's articleRisk-Based Audit PlanningRisk-based audit planning prioritizes the high-risk areas of an organization so as to maximize the effectiveness of the audit. By focusing on areas with the greatest potential for financial loss, compliance issues, or operational inefficiencies, auditors can proactively identify vulnerabilities and support management in making informed decisions.Read the rest here!Interested in our Next-Gen AI Conference?If you're looking forward to our upcoming conference or just want a little insight into who these industry-leading speakers are, here's a little bio on two of our closest collaborators: Mark Simos and Nikhil Kumar.Introducing Mark SimosMark Simos is Lead Cybersecurity Architect for Microsoft where he leads the development of cybersecurity reference architectures, best practices, reference strategies, prescriptive roadmaps, CISO workshops, and other guidance to secure organizations in the digital age.Check out the conference on Eventbrite!Introducing Nikhil KumarNikhil is an industry expert and thought leader in Digital Transformation, Zero Trust and InfoSec, AI, Cloud Computing, APIs and SOA, with a passion for applying technology in an actionable manner. An entrepreneur with over 20 years experience, he is known as a servant leader able to create amazing solutions and bridge people, process, business and technology.Check out the conference on Eventbrite!News BytesThousands kept waiting for Land Rovers after hack: UK-based automaker Jaguar Land Rover (JLR) experienced a sharp production halt across several plants due to a cyberattack, affecting operations and causing delays in vehicle deliveries. The attack was attributed to a hacker alias “Rey” from the Scattered Lapsus Hunters 4.0 group. While no customer data loss has been confirmed, authorities are investigating.Cybersecurity failures rock FEMA and 24 IT staff fired: U.S. Homeland Security Secretary Kristi Noem dismissed two dozen FEMA IT staff following serious cybersecurity mishandlings. The incident involved reactivating compromised credentials after they had been disabled, despite nearly $500 million spent on cybersecurity in FY 2025. The breach may involve state-linked Chinese hackers exploiting Microsoft vulnerabilities.SentinelOne earnings point to strong AI-driven cybersecurity demand: SentinelOne delivered better-than-expected Q2 2026 results, pushing annual recurring revenue above $1 billion and raising full-year guidance. The surge was driven by increased demand for AI-shielded cybersecurity solutions, including its acquisition of Prompt Security. Analysts attribute growth to rising generative-AI threats and tighter regulatory demands.The Resilient Retailer’s Guide to Proactive Cyber Defense: Retailers such as Co-operative and M&S are under rising threat from SIM-swapping and misconfigured appliances. This guide offers a defense blueprint: strong security hygiene, enforced password policies, timely patching, employee training, MDR services, and “assume breach” readiness help mitigate risks and safeguard reputations.Chinese hackers infiltrated critical British infrastructure: GCHQ revealed that Chinese state-sponsored group Salt Typhoon has compromised the UK’s critical infrastructure—telecoms, transport, and governmental systems—as part of a broader global espionage campaign. Active since 2021, the group is linked to multiple Chinese firms, with operations traced in 80 countries, including sensitive targeting of the UK’s NCSC.Grok's security measures have been potentially bypassed, allowing for millions to be affected with malware: Cybersecurity researchers have flagged a new technique that cybercriminals have adopted to bypass social media platform X's malvertising protections and propagate malicious links using its artificial intelligence (AI) assistant Grok.This week's academiaPatient Care Technology Disruptions Associated With the CrowdStrike Outage (Jeffrey L. Tully; Sumanth Rao; Isabel Straw; Rodney A. Gabriel; Christopher A. Longhurst; Stefan Savage; Geoffrey M. Voelker; Christian J. Dameff): Cross-sectional study of 2,232 U.S. hospitals showing widespread disruptions to patient-facing and operational systems during the July 2024 CrowdStrike incident; proposes internet-measurement methods to monitor critical healthcare tech in real time.LLM Agents Can Autonomously Exploit One-Day Vulnerabilities (Richard Fang; Xinye Li; Mohit Iyyer; Yixuan Li; Yanjun Qi; David Evans; Neil Gong; Z. Morley Mao; Aurore Fass; Danqi Chen; et al.): Shows that language-model agents, given tools and goals, can autonomously find and exploit freshly disclosed (“one-day”) software bugs, raising urgent questions about automated vulnerability exploitation and defenses.On the Feasibility of Using LLMs to Execute Multistage Network Attacks (Aidan D. Singer; Mark Goldstein; Pang Wei Koh; Adam Gleave; Micah Goldblum; Zico Kolter; Dan Hendrycks) Evaluates whether modern LLMs can plan and carry out realistic, multi-step network intrusions; reports non-trivial success on chained attack tasks and analyzes controls needed to prevent misuse.Con Instruction: Universal Jailbreaking of Multimodal LLMs via Non-Textual Modalities (Zhichao Geng; Haohan Wang; Shiyu Chang; Bo Li; Huan Zhang; et al.): Demonstrates a general jailbreak strategy for multimodal models by embedding adversarial “instructions” in images/audio/etc., transferring across models and tasks; highlights weaknesses beyond text-only prompts.Injecting Universal Jailbreak Backdoors into LLMs in Minutes (Zhuowei Chen; Qiannan Zhang; Shichao Pei): Introduces JailbreakEdit, a model-editing method that plants a universal jailbreak backdoor post-training—in minutes—without dataset poisoning, preserving model utility while reliably bypassing safety.Wolves in the Repository: A Software Engineering Analysis of the XZ Utils Supply Chain Attack (Piotr Przymus; Thomas Durieux):Forensically reconstructs the XZ backdoor (CVE-2024-3094), showing how long-term social engineering and project maintenance tactics enabled the attack; offers actionable lessons for OSS governance and CI/CD.Source: Reddit*{box-sizing:border-box}body{margin:0;padding:0}a[x-apple-data-detectors]{color:inherit!important;text-decoration:inherit!important}#MessageViewBody a{color:inherit;text-decoration:none}p{line-height:inherit}.desktop_hide,.desktop_hide table{mso-hide:all;display:none;max-height:0;overflow:hidden}.image_block img+div{display:none}sub,sup{font-size:75%;line-height:0} @media (max-width: 100%;display:block}.mobile_hide{min-height:0;max-height:0;max-width: 100%;overflow:hidden;font-size:0}.desktop_hide,.desktop_hide table{display:table!important;max-height:none!important}}