Sunday, September 29, 2024

This is a summary of the book titled “Next! The power of reinvention in life and work”, written by Joanne Lipman and published by Mariner Books in 2023. Transformation, whether driven by external circumstances or by internal motivation, does not have to be stressful. The author draws on remarkable transformations of both people and products, gathered from interviews and scientific research, to uncover the process. Major transitions follow a four-part pattern. Gut instinct always feels right. Past failures can be learning. If something no longer fits, we forge a path ahead. Someone who believes in us can help us clarify our goals. If a company wants to make a transition, it should look for outside perspectives.

Major career transitions follow a four-part pattern: "Search," "Struggle," "Stop," and "Solution." The COVID pandemic prompted millions to rethink their careers, but most significant changes happen incrementally, and research and personal anecdotes alike reveal this same four-phase pattern.

Deciding to make a career change is often the most challenging part, but it's important to listen to your gut instinct. Gut instincts can guide you in the right direction, stemming from your experience and knowledge. For example, James Patterson, a famous author, used his experience as an adman before becoming a best-selling novelist to appeal to customers and provide what they wanted. By following this pattern, individuals can successfully navigate their career or business transformations.

Past failures can help individuals grow and succeed by focusing on the learning process rather than the final results. Success often comes from going from failure to failure without losing enthusiasm. People who succeed after failure often search for reasons for their failures and work through the adjustment process to find a breakthrough idea. For example, figure skater Nathan Chen readjusted his mentality after losing a gold medal at the 2018 Olympics.

To learn from failure, reflect on the struggle and make small incremental changes. Allow for creative insights when searching for your next step, as decisive breakthroughs, or "aha moments," often emerge when you do something else entirely. Cognitive neuroscientists have found that during an "aha moment," the subconscious brain connects increments of unrelated or distantly related information to create a solution. To tap into the power of subconscious connections, distract yourself and create an incubation time for your subconscious brain to process your research and make connections.

Many people find themselves in need of a new career, often due to societal obstacles. Women, especially those with children, are more likely to embrace reinvention than men, creating companies that empower marginalized people. Women-owned firms have started to change the workplace into a more accepting, flexible environment.

To make a career- or life-changing transformation, it is important to prepare and lay down the groundwork before jumping into a new job. JP Morgan executive Will Brown took over 20 years to transition from being a Wall Street economist to a full-time farmer. Steve Jobs and Whitney Wolfe Herd have also made significant changes without consciously knowing it.

Trust that the struggle you are in will lead to better things and let it become a time of inspiration, research, and discovery. Find someone who believes in you to help clarify your goals. Ina Garten, for example, made her transition from working as a nuclear budget analyst to starting her culinary career by impulsively buying a 400-square-foot food shop in Westhampton Beach, New York.

Ina Garten, a successful chef, transitioned from White House nuclear budget analyst to a culinary career with her husband's encouragement. He helped her gain a professional reputation, attract celebrity clients, and expand her shops. When she decided to sell the shops, his guidance helped her create best-selling cookbooks and start her TV career. It takes just one person who believes in you to help clarify your goals. Having someone who champions your strengths and provides a clear perspective can make all the difference in navigating tough career moves, and sharing your goals with trusted people holds you accountable and supports you throughout the process. If your company plans a transition, look for outside perspectives to guide the way: innovative ideas rarely come from the C-suite, and outsiders may see potential where insiders cannot.


Saturday, September 28, 2024

 Problem statement:

A message containing letters from A-Z can be encoded into numbers using the following mapping:

'A' -> "1"

'B' -> "2"

...

'Z' -> "26"

To decode an encoded message, all the digits must be grouped then mapped back into letters using the reverse of the mapping above (there may be multiple ways). For example, "11106" can be mapped into:

• "AAJF" with the grouping (1 1 10 6)

• "KJF" with the grouping (11 10 6)

Note that the grouping (1 11 06) is invalid because "06" cannot be mapped into 'F' since "6" is different from "06".

Given a string s containing only digits, return the number of ways to decode it.

The test cases are generated so that the answer fits in a 32-bit integer.

Example 1:

Input: s = "12"

Output: 2

Explanation: "12" could be decoded as "AB" (1 2) or "L" (12).

Example 2:

Input: s = "226"

Output: 3

Explanation: "226" could be decoded as "BZ" (2 26), "VF" (22 6), or "BBF" (2 2 6).

Example 3:

Input: s = "06"

Output: 0

Explanation: "06" cannot be mapped to "F" because of the leading zero ("6" is different from "06").

Constraints:

• 1 <= s.length <= 100

• s contains only digits and may contain leading zero(s).

import java.util.Arrays;

class Solution {

    public int numDecodings(String s) {
        if (s == null || s.isEmpty()) {
            return 0;
        }
        // memo[i] caches the number of decodings of the suffix s.substring(i); -1 = not yet computed
        int[] memo = new int[s.length() + 1];
        Arrays.fill(memo, -1);
        return traverse(s, 0, memo);
    }

    // Counts the decodings of the suffix of s that starts at position pos.
    private int traverse(String s, int pos, int[] memo) {
        if (pos == s.length()) {
            return 1;                       // every digit consumed: one complete decoding
        }
        if (memo[pos] != -1) {
            return memo[pos];
        }
        int count = 0;
        if (isValid(s.substring(pos, pos + 1))) {
            count += traverse(s, pos + 1, memo);
        }
        if (pos + 2 <= s.length() && isValid(s.substring(pos, pos + 2))) {
            count += traverse(s, pos + 2, memo);
        }
        memo[pos] = count;
        return count;
    }

    // A group is valid if it maps to a letter: "1".."9" or "10".."26" (a leading zero is never valid).
    public boolean isValid(String s) {
        if (s.length() == 1 && s.charAt(0) >= '1' && s.charAt(0) <= '9') {
            return true;
        }
        if (s.length() == 2 &&
            ((s.charAt(0) == '1' && s.charAt(1) >= '0' && s.charAt(1) <= '9') ||
             (s.charAt(0) == '2' && s.charAt(1) >= '0' && s.charAt(1) <= '6'))) {
            return true;
        }
        return false;
    }
}


Friday, September 27, 2024

 

Just-in-time (JIT) access, also known as just-in-time privileged access management (JIT PAM), is a security approach that grants privileged access or permissions only for the finite moments in which they are needed. It eliminates always-on, persistent privileged access, known as "standing privileges." The Just Enough Access (JEA) model, on the other hand, is essential for implementing the principle of least privilege. "True least privilege" requires combining both models, so that organizations minimize the footholds available to attackers and the paths to privilege that could escalate an attack. Many enterprises struggle to get there: common malpractices include deploying too many accounts with unnecessary privileges, permissions and entitlements, a standing-access status quo, privilege blindness, and a lack of context around privileged risk. By combining JIT and JEA, organizations can significantly reduce the attack surface and minimize potential vulnerabilities.

In Amazon Web Services (AWS), limiting human access to cloud resources is crucial for security. AWS offers tools like AWS Identity and Access Management (IAM) and AWS IAM Identity Center for managing access. Granting developers just-in-time access for a limited time, based on approval, is an effective way to limit the active time frames of assignments to AWS resources. Okta's integration with IAM Identity Center allows customers to access AWS using their Okta identities. The roles could correspond to different job functions within your organization: for example, the “AWS EC2 Admin” role could correspond to a DevOps on-call site reliability engineer (SRE) lead, whereas the “AWS EC2 Read Only” role may apply to members of your development team. The step-by-step configuration involves setting up groups representing different privilege levels, enabling automatic provisioning of groups using the SCIM protocol, assigning access for groups in Okta, creating permission sets in IAM Identity Center, assigning group access in your AWS organization, configuring Okta Identity Governance access requests, and finally testing the configuration. Okta's integration with AWS minimizes persistent access assignments, granting access just in time for specific operational functions. This solution allows empty user groups to be assigned to highly privileged AWS permission sets, with Okta Access Requests controlling the duration of group membership.

In Azure, Conditional Access templates provide a convenient method to deploy new policies aligned with Microsoft recommendations. These templates are designed to provide maximum protection aligned with commonly used policies across various customer types and locations. The templates are organized into secure foundation, zero trust, remote work, protect administrator, and emerging threats. Certain accounts must be excluded from these templates, such as emergency-access or break-glass accounts, to prevent tenant-wide account lockout, as well as service accounts and service principals that are non-interactive and not tied to any particular user.

Thursday, September 26, 2024

 Principle of Just-in-Time (JIT) privileged access:

This is a security model used in the Azure public cloud to grant temporary permissions to users for performing privileged tasks. It helps minimize the risk of unauthorized access by ensuring that elevated permissions are only available when needed and for a limited time. Users receive elevated permissions only for the duration necessary to complete specific tasks; once the time expires, the permissions are revoked automatically. A dedicated service in the Azure portfolio, Azure AD Privileged Identity Management (PIM), manages JIT access, allowing administrators to control and monitor privileged access to Azure resources and Azure AD. PIM can generate alerts for suspicious or unsafe activities, enhancing security monitoring. JIT access is commonly used for administrative tasks, accessing sensitive data, or managing critical infrastructure.

Amazon Web Services (AWS) supports something similar through Privileged Access Management (PAM) solutions, where third-party products can be integrated with AWS to provide ephemeral JIT access, ensuring that users only hold the necessary privileges for the duration of their tasks. AWS itself provides regular fine-grained permissions for users, groups and roles through its Identity and Access Management policies, which can even be used to restrict access to a certain time of day. The single sign-on service can work with different identity providers to enforce JIT access. Finally, the AWS Security Token Service can issue temporary security credentials that provide time-limited access to AWS resources.

To bolster physical security, reduce the risk of malware or unauthorized access, and streamline and restrict the activities that can be performed with escalated privilege, Microsoft hands out Secure Admin Workstations (SAWs): specialized, dedicated devices used exclusively for administrative tasks. They are particularly valuable in high-risk environments where security is paramount. Public clouds are the most widely used, but there are other clouds dedicated in scope to governments, defense departments and others that require tighter access control; these are collectively called sovereign clouds, and they benefit especially from SAW devices. Only authorized personnel can use SAWs, and they are subject to strict security policies and monitoring. As an example, Microsoft uses approximately 35,000 SAW devices, with a small number dedicated to accessing these high-risk environments, the sovereign clouds.

These practices help ensure that Azure remains a secure platform for both administrators and users. 



Wednesday, September 25, 2024

 Manifesting Dependencies:

Among the more disconcerting challenges faced by engineers who deploy infrastructure is how to understand, capture and use dependencies. Imagine a clone army in which all entities look alike and one or two specific ones need to be replaced. Without a name or identifier at hand it is difficult to locate those entities, and it becomes harder still when we do not know which of the others are actually using them, so that we can be mindful of the consequences of the replacement. Grounding this example in Azure public cloud resources: take a set of resources, each with a private endpoint that gives it a unique private IP address, and suppose we want to replace the virtual network these resources are integrated with. The old and the new virtual network do not interact with one another, so traffic that was flowing to a resource on the old network is disrupted when that resource moves to the new one. Unless we know every dependency on the resource that is about to move, we cannot resolve the failures its callers encounter. What adds to the challenge is that the virtual network is like a carpet on which the resources stand, and this resource type is always local to an availability zone or region, so there is no built-in redundancy or replica to ease the migration. One cannot simply move the resource the way one moves it from one resource group to another; it must be untethered and tied to the other virtual network by deleting the old private endpoint and adding a new one.

Taking the example a little further, IaC does not capture dependencies between usages of resources; it only captures dependencies on creation or modification. For example, a workspace that users access to spin up compute and run their notebooks might be using a container registry over the virtual network, but that dependency is never manifested because the registry does not maintain a list of addresses or networks to allow. The only way to reverse-engineer the list of dependents is to check the DNS zone records associated with the private endpoint and the entries added for the callers that resolve the container registry over the virtual network. These entries carry the private IP addresses of the callers, and because each address belongs to the address space designated to a subnet, it is possible to tell whether it came from a connection device of a compute belonging to the workspace. By painstakingly enumerating each of these links, it is possible to draw up a list of all workspaces using the container registry. The records that helped us draw up the list may contain many stale entries, since callers disappear without cleaning up their records, so some pruning is involved and the list changes over time, but it remains handy.
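As an added example (not from the original post), the reverse-engineering step described above can be scripted: given an export of the callers' private DNS records, the subnet prefixes that each workspace's compute is injected into, and an inventory of the private IPs currently held by live network interfaces, it attributes each record to a workspace by longest-prefix match and separates stale and unattributable entries. All record names, addresses and prefixes below are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (not from a real tenant). Each caller entry is the name of a
# private DNS A record and the private IP it resolves to, as collected from the zone
# linked to the virtual network that the registry's private endpoint lives in.
CALLER_RECORDS = [
    ("nic-compute-a", "10.1.0.5"),
    ("nic-compute-b", "10.1.0.9"),
    ("nic-compute-c", "10.1.1.7"),
    ("nic-compute-old", "10.1.0.22"),   # record left behind after its compute was deleted
    ("nic-unknown", "192.168.5.3"),     # live, but in a peered network we have no subnet map for
]

# Constructed: subnet address prefixes and the workspace (or other owner) whose compute
# is injected into each. The most specific prefix wins when prefixes overlap.
SUBNET_OWNERS = {
    "10.1.0.0/16": "research-vnet (unassigned)",
    "10.1.0.0/24": "ws-research",
    "10.1.1.0/24": "ws-analytics",
}

# Constructed: private IPs currently held by live network interfaces, e.g. from an
# inventory of the subscription's NICs. Any record whose IP is not here is stale.
LIVE_IPS = {"10.1.0.5", "10.1.0.9", "10.1.1.7", "192.168.5.3"}


def owner_of(ip, subnet_owners):
    """Return the owner of the most specific subnet containing ip, or None if no prefix matches."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, owner in subnet_owners.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, owner)
    return best[1] if best else None


def attribute_callers(records, subnet_owners, live_ips):
    """Group caller records by owning workspace; return stale and unattributable names separately."""
    by_owner = defaultdict(list)
    stale, unattributed = [], []
    for name, ip in records:
        if ip not in live_ips:
            stale.append(name)          # pruning candidate: nothing live holds this address
            continue
        owner = owner_of(ip, subnet_owners)
        if owner is None:
            unattributed.append(name)   # needs manual follow-up: address outside every known subnet
        else:
            by_owner[owner].append(name)
    return {k: sorted(v) for k, v in by_owner.items()}, sorted(stale), sorted(unattributed)


if __name__ == "__main__":
    owners, stale, unknown = attribute_callers(CALLER_RECORDS, SUBNET_OWNERS, LIVE_IPS)
    for owner, names in owners.items():
        print(f"{owner}: {', '.join(names)}")
    print("stale records to prune:", stale)
    print("unattributed live callers:", unknown)
```

Re-running this against fresh record and NIC exports over time keeps the dependency list current as callers come and go.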



Tuesday, September 24, 2024

 

Problem: Given a weighted undirected (bidirectional) graph with N nodes and M edges, all weights being distinct positive numbers, find the maximum number of edges that can be visited when traversing the graph such that the weights are ascending.

Solution: Process the edges in ascending order of weight. When edge uv is processed, any ascending path that uses it must arrive at one endpoint over edges of smaller weight (all already processed) and then cross uv to the other endpoint, so uv is the last edge of that path so far. Keep an array w in which w[x] is the number of edges on the longest ascending path ending at vertex x (equivalently, read backwards, the longest descending path starting there). Processing edge uv then updates both endpoints from their values before the edge: w[u] becomes the maximum of (w[u], w[v] + 1) and w[v] becomes the maximum of (w[v], w[u] + 1). The answer is the largest value in w after all edges are processed.

 

import java.util.Arrays;
import java.util.Comparator;

public class AscendingPath {

    public static int solution_unique_weights(int N, int[] src, int[] dest, int[] weight) {
        int M = weight.length;
        int[] e = new int[N];              // e[x]: edges on the longest ascending path ending at x so far
        Integer[] index = new Integer[M];
        for (int i = 0; i < M; i++) { index[i] = i; }
        // Process edges in ascending order of weight (weights are distinct, so the order is total).
        Comparator<Integer> comparator = (i, j) -> Integer.compare(weight[i], weight[j]);
        Arrays.sort(index, 0, M, comparator);
        for (int i = 0; i < M; i++) {
            int u = src[index[i]];
            int v = dest[index[i]];
            // Both updates use the values from before this edge: a path ending at v can be
            // extended across uv to end at u, and vice versa.
            int nu = Math.max(e[u], e[v] + 1);
            int nv = Math.max(e[v], e[u] + 1);
            e[u] = nu;
            e[v] = nv;
        }
        return Arrays.stream(e).max().getAsInt();
    }
}

 

    src[0] = 0    dest[0] = 1    weight[0] = 4

    src[1] = 1    dest[1] = 2    weight[1] = 3

    src[2] = 1    dest[2] = 3    weight[2] = 2

    src[3] = 2    dest[3] = 3    weight[3] = 5

    src[4] = 3    dest[4] = 4    weight[4] = 6

    src[5] = 4    dest[5] = 5    weight[5] = 7

    src[6] = 5    dest[6] = 0    weight[6] = 9

    src[7] = 3    dest[7] = 2    weight[7] = 8

    index:  0 1 2 3 4 5 6 7  // before sort
    index:  2 1 0 3 4 5 7 6  // after sort (weights 2 3 4 5 6 7 8 9)

    e for nodes 0..5 after processing each edge in that order:
    edge 1-3 (w=2):  0  1  0  1  0  0
    edge 1-2 (w=3):  0  1  2  1  0  0
    edge 0-1 (w=4):  2  1  2  1  0  0
    edge 2-3 (w=5):  2  1  2  3  0  0
    edge 3-4 (w=6):  2  1  2  3  4  0
    edge 4-5 (w=7):  2  1  2  3  4  5
    edge 3-2 (w=8):  2  1  4  3  4  5
    edge 5-0 (w=9):  6  1  4  3  4  5

The maximum of e is 6, with the longest ascending path being nodes 3->1->2->3->4->5->0 (weights 2, 3, 5, 6, 7, 9) and 6 edges.

 

Monday, September 23, 2024

 Infrastructure as a top-down approach versus bottom-up growth.

Centralized planning has many benefits for infrastructure, as evidenced by parallels in the construction industry and public transportation. The top-down approach in this context typically refers to a method where policy decisions and strategies are formulated at a higher, often governmental or organizational, level and then implemented down through the various levels of the system. This contrasts with a bottom-up approach, where policies and strategies are developed from the input and feedback of lower levels, such as local communities or individual stakeholders.

Such a regulatory approach might involve:

Centralized Planning: High-level authorities set infrastructure policies and plans, which are then executed by regional or local agencies.

Regulation and Standards: Establishing uniform regulations and standards for cloud systems, which must be adhered to by all stakeholders.

Funding Allocation: Decisions on the allocation of funds for infrastructure projects are made at a higher level, often based on broader economic and policy goals.

This approach can ensure consistency and alignment with national or regional objectives, but it may also face challenges such as lack of local adaptability and slower response to specific local needs.

On the other hand, a bottom-up approach typically involves building and configuring resources starting from the lower levels of the infrastructure stack, often driven by the needs and inputs of individual teams or developers. This approach contrasts with a top-down approach, where decisions and designs are made at a higher organizational level and then implemented downwards.

Here are some key aspects of the bottom-up approach in Azure deployments:

Developer-Driven: Individual developers or teams have the autonomy to create and manage their own resources, such as virtual machines, databases, and networking components, based on their specific project requirements.

Incremental Development: Infrastructure is built incrementally, starting with basic components and gradually adding more complex services and configurations as needed. This allows for flexibility and adaptability.

Agility and Innovation: Teams can experiment with new services and technologies without waiting for centralized approval, fostering innovation and rapid iteration.

Infrastructure as Code (IaC): Tools like Terraform and Azure Resource Manager (ARM) templates are often used to define and manage infrastructure programmatically. This allows for version control, repeatability, and collaboration.

Feedback Loops: Continuous feedback from the deployment and operation of resources helps teams to quickly identify and address issues, optimizing the infrastructure over time.

This approach can be particularly effective in dynamic environments where requirements change frequently and rapid deployment and scaling are essential.

The right approach is a blend of the two: what serves the workloads the business demands in the most expedient manner, improved iteratively, together with what can be curated as patterns and best practices towards a system architecture that will best serve the organization in the long run across changes in business requirements and direction.