Florence Mottay started her career in cyber security, researching exploits for security vulnerabilities in a small US startup. Today, she is the group chief information security officer (CISO) at Zalando, a high-tech online fashion retailer that boasts over 50 million customers in 26 markets.
Zalando, she says, is more of a technology company than a retailer, offering its shoppers artificial intelligence (AI)-powered apps that can help them choose the right outfit for an occasion or take their measurements by capturing an image on a mobile phone.
The company’s move to generative AI (GenAI) has created unique challenges for Mottay and her 100-strong IT team. There were no blueprints, so it was a matter of working it out from scratch while working closely with other parts of the business.
Mottay says she “fell into” a career in computer security after receiving an offer from a university in Florida, where she was studying maths during an exchange programme.
“I met a professor of software engineering who must have seen some potential because he said he would sponsor the rest of my bachelor’s degree and my master’s degree if I agreed to switch from mathematics to software engineering and to work on some of the research grants he was getting,” she says.
Starting at a security startup
In 2003, Mottay was offered a job in a small startup that specialised in creating security exploits for US government contractors, such as Raytheon and Northrop Grumman. “I was employee number seven.”
Security Innovation, as the company became known, developed proof-of-concept exploits to show how security vulnerabilities in software could be misused by hackers or bad actors if they were left unfixed.
It was a steep learning curve, says Mottay in an interview with Computer Weekly at a SANS cyber leaders summit in London. “For six months, I used to go home after work and study until 3am on how to create exploits, and I became pretty good.”
Two years later, she was asked to open a branch of the company in the Netherlands to develop exploits for European companies. The branch grew and was taken over by a larger company. Other security posts followed.
Making a switch to retail
After 10 years, Mottay changed direction, taking up a post as director of IT security at Dutch retailer Ahold, owner of the Albert Heijn supermarket chain. Soon after, Ahold merged with the Belgian multinational retailer Delhaize. By 2019, Mottay had risen to become its global CISO and vice-president for information security.
“I quickly found out that stakeholder management and partnering with the business was the way to success,” she says. “I started building relationships.”
Ahold and Delhaize had similar history, culture and approaches to business, but their IT systems were different. When the companies came together, some IT systems were merged, and in other cases, each company kept its own distinct technology.
“For us in security, we found ways to secure whichever choice was made,” she says.
From vulnerabilities to fashion
In 2022, online fashion retailer Zalando was looking for someone to transform its security operations and made an approach.
Zalando had an “entrepreneurial spirit” and a focus on innovative digital technology that was instantly attractive to Mottay. “It was like, ‘Oh my god!’”
Her brief was to reposition cyber security from a vertical operation that sat alongside other business units in the organisation to a horizontal operation that runs through every part of Zalando.
For Mottay, it was back to building trusted relationships with her new team and the board. That meant finding ways to support the company’s objectives and to navigate around any security issues that arose rather than seeing them as blockages.
“We’re here to support the business and we’re here to enable, so we need to find ways to enable what the business ambition is, and I think that is how you build trust,” she says.
Mottay says she is fortunate that every business leader at Zalando has a good understanding of technology and cyber security. “It is unusual, but it’s actually quite exciting,” she says. “It’s very cool.”
Acting fast with AI
Managing security has become harder for CISOs like Mottay as GenAI begins to pose new challenges.
“If you think about ransomware, AI is an accelerator,” she says. “It makes attacks more accessible to people, and it makes them faster as well. So that means as a cyber security function, we have to be faster than ever before.”
It’s more important than ever for organisations to have visibility of everything that is happening on their computer networks, she says.
Take the Log4j security vulnerability discovered in 2021, which exposed a wide range of applications across the enterprise to remote code execution attacks. The wide distribution of vulnerable software in cloud services and on-premise made it difficult for organisations to detect and patch.
“If you had a bill of materials, you could quickly see where all the instances that were vulnerable were and address them. So, it’s the same thinking – if something is going on, can we look and identify where we need to act as fast as possible?” she says.
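The bill-of-materials lookup Mottay describes can be sketched as follows. This is an added example, not Zalando's tooling: the service names, the CycloneDX-style component records and the fixed-version threshold are constructed assumptions.

```python
import re

# Constructed CycloneDX-style SBOMs (as loaded from JSON) for three hypothetical services.
SBOMS = {
    "checkout-api": {"components": [
        {"group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.14.1"},
    ]},
    "search-indexer": {"components": [
        # Older copy nested inside a bundled component.
        {"group": "com.example", "name": "indexer-bundle", "version": "1.4.0", "components": [
            {"group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.11.0"},
        ]},
    ]},
    "returns-portal": {"components": [
        {"group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.17.1"},
        {"group": "org.apache.logging.log4j", "name": "log4j-api", "version": "2.14.1"},
    ]},
}

def version_key(version):
    """Numeric release part as a tuple: '2.14.1' -> (2, 14, 1), '2.0-beta9' -> (2, 0)."""
    release = version.split("-", 1)[0]
    return tuple(int(n) for n in re.findall(r"\d+", release))

def walk(components):
    """Yield every component, including ones nested under other components."""
    for comp in components or []:
        yield comp
        yield from walk(comp.get("components"))

def find_affected(sboms, group, name, fixed_version):
    """Return sorted (service, version) pairs where group:name is older than fixed_version."""
    hits = []
    for service, sbom in sboms.items():
        for comp in walk(sbom.get("components")):
            if (comp.get("group"), comp.get("name")) != (group, name):
                continue
            version = comp.get("version", "")
            # A missing version cannot be cleared, so report it for manual review.
            if not version or version_key(version) < version_key(fixed_version):
                hits.append((service, version or "unknown"))
    return sorted(hits)

# Assumed minimum fixed version for this example; take the real value from the vendor advisory.
AFFECTED = find_affected(SBOMS, "org.apache.logging.log4j", "log4j-core", "2.17.1")
```

Walking nested components matters because a vulnerable library is often bundled inside another artefact rather than declared at the top level.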
Zalando is using AI to triage security alerts, but keeping on top of the threats requires “constant upskilling” of the security team and continual monitoring of threat intelligence.
Mottay’s experience developing exploits and studying vulnerabilities has stood her in good stead. “When there is an attack, I understand how it was created,” she says. “I can dive deep where I need to, thanks to my technical background.”
Adapting to the GenAI dynamic
At the same time, Mottay and her 100-strong security team are supporting Zalando’s ambitious generative AI programme.
Zalando began work on GenAI-powered shopping assistants to help its customers with their shopping soon after the launch of ChatGPT in late 2022.
Mottay was asked to help deal with some of the risks posed by AI, including bias, hallucination and misinformation, which fall outside the natural remit of IT security.
Some of the security team were already enthused by generative AI and had begun experimenting with it, so Mottay turned to them first.
“When I got the call, I went to them … and I said, ‘Hey guys, do you want to help? Do you want to partner? Let’s just do it’,” she says. “And so they started working with the business.”
Zalando’s AI-powered fashion assistant helps customers choose the right outfit for any occasion
There were some clear risks. For example, an AI system could agree to let customers return clothes for a refund even if they had worn them for several years. Or it could offer the same item at different prices to different people.
Mottay’s team assembled 80,000 prompts to train the model in a secure way. They classified each prompt into three categories: business-related enquiries about, for example, items for sale; non-business-related enquiries, such as an irrelevant question about ingredients for a recipe; and malicious enquiries, such as a request to run computer code.
The company launched its AI-powered Zalando fashion assistant in selected markets in 2024. The tool can answer questions such as: “I have been invited to a wedding in Barcelona, in October, and the reception starts in the church and finishes on the beach. I am struggling to find a good outfit. Could you suggest one for me?”
The next challenge will be how to manage the security of agentic AI, which in future will be able to perform automated tasks for customers and the company.
While it doesn’t make sense to control AI agents, which by definition have the ability to take action autonomously, Mottay is working with the company to develop overarching rules that will act as safeguards.
The rules will include ensuring that a human is accountable for each AI agent, ensuring that each agent has a clear mandate and that it does not have capabilities that go beyond its mandate, ensuring there is an audit trail of each agent’s actions, and making sure a human is always involved in any high-risk decisions.
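One way to express these four safeguards as an enforcement gate in front of agent actions, as an added example rather than Zalando's implementation. The agent names, action names, the `HIGH_RISK` set and the `AgentGate` class are all hypothetical.

```python
from dataclasses import dataclass

HIGH_RISK = frozenset({"issue_refund", "change_price"})  # assumed risk classification

@dataclass(frozen=True)
class Agent:
    name: str
    owner: str          # the human accountable for this agent
    mandate: frozenset  # the only actions the agent may take

class AgentGate:
    def __init__(self, humans):
        self.humans = set(humans)  # identities allowed to own agents and approve actions
        self.agents = {}
        self.audit = []            # one record per request, including denials

    def register(self, agent):
        if agent.owner not in self.humans:
            raise ValueError("agent needs an accountable human owner")
        if not agent.mandate:
            raise ValueError("agent needs an explicit mandate")
        self.agents[agent.name] = agent

    def request(self, name, action, approved_by=None):
        agent = self.agents.get(name)
        if agent is None:
            decision = "deny:unregistered"
        elif action not in agent.mandate:
            decision = "deny:outside-mandate"
        elif action in HIGH_RISK and approved_by not in self.humans:
            decision = "hold:needs-human"
        else:
            decision = "allow"
        self.audit.append({"agent": name, "owner": agent.owner if agent else None,
                           "action": action, "approved_by": approved_by,
                           "decision": decision})
        return decision

def demo():
    # Constructed names and actions, used only to exercise each rule once.
    gate = AgentGate(humans={"j.doe"})
    gate.register(Agent("returns-bot", "j.doe", frozenset({"lookup_order", "issue_refund"})))
    calls = [("returns-bot", "lookup_order", None), ("returns-bot", "issue_refund", None),
             ("returns-bot", "issue_refund", "j.doe"), ("returns-bot", "change_price", "j.doe"),
             ("pricing-bot", "lookup_order", None)]
    return [gate.request(*c) for c in calls], gate.audit
```

Denied and held requests are written to the audit trail as well as allowed ones, so an agent probing beyond its mandate leaves a record.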
“We are not perfect, but we have something good in place, and we are continuously improving. We are looking at agentic security and what we need to put in place to be ready when the business is ready,” she says.
Before anything else, you’ll have to decide between ink and laser. I’ll get into the details when it comes to each model, but the most important consideration is paper type, because it’s a limitation rather than a benefit. Laser printers use heat in the bonding process, which means if you regularly print on windowed envelopes or photo paper, you’ll need to either use an ink printer or change to a thermally safe alternative, which can be cost prohibitive if you print a lot.
Inkjets are the most common flavor of home printer, and they work like you might expect, by boiling ink until it splatters through a series of tiny holes. You didn’t expect that? Me neither! Pretty exciting stuff.
Inkjet printers come in two flavors, with either prefilled cartridges or built-in tanks. The latter is quickly becoming more popular thanks to better pricing, more convenience, and a massive reduction in wasted plastic. If you’re buying a new printer in 2025 you should opt for an ink tank, if not a laser printer. They’re a little more work to set up and maintain, since you have to keep the tanks topped off, and they should remain in one place on a flat surface to avoid leaks. I can’t imagine many situations where a printer would be constantly moving and tilting, but it’s a consideration.
You thought inkjets were cool? Laser printers work by blasting a tube full of dried plastic particles, then fusing them to the paper with heat. They tend to cost more upfront, but the cost per page is overall much lower. Where a $20 ink cartridge might print 200 pages, a $60 toner cartridge could print 2000. They tend to be a lot faster than inkjet printers, and you don’t have to worry about them drying out. Plus, the pages come out of the printer nice and warm, and you can’t really put a price on that.
There are also thermal printers, which are commonly used for receipts or shipping labels. Instead of filling the printer with ink and depositing it onto a surface, they apply heat in precise patterns to special paper, allowing you to print text and images in low resolution, and typically in one color. If you print shipping labels or simple stickers at home, these can save you a lot of time and ink cost, but they have more limitations.
Laser printers are my preferred type, as long as your paper type and budget can support them, but most home users will be happy with an ink tank printer.
“In general, we are noticing many of these shoes have more of a road running influence than they do trail,” says Bodin. “So, there will be a mix of foams, midsole geometries, less attention to fit, and a more subtle outsole pattern compared to trail shoes.”
What Are the Benefits of Gravel Shoes?
In a word: versatility. You can lace up a gravel shoe at home with confidence that they’ll handle whatever lies ahead, provided you’re not hitting a really technical trail or ankle-deep mud.
“Many of the shoes in this category can run well on roads, gravel paths, and light trails,” says Bodin. “That’s not something that very many strictly road shoes or dedicated trail shoes can do.”
The more rockered midsoles aim to smooth your heel-to-toe transitions, cutting the calf muscle fatigue over uneven ground and on longer runs. They’re also often lighter than technical trail shoes, thanks to the smaller lugs, less pronounced rock plates, and lower levels of upper reinforcement. That serves up more agility than heftier trail shoes, so you can move faster and lighter over runnable ground.
Do Gravel Shoes Feel Different From “Regular” Trail Shoes?
“Yes and no,” says Bodin. A lot depends on the brand. Some companies, like Craft, have many gravel-specific options. Others, like Salomon and Hoka, use their redesigned road running shoes for their gravel category.
Gravel shoes also have limits, warns Bodin. “In my experience, most gravel shoes will be limited when they reach a moderately technical trail-running scenario. Again, because the bulk of the gravel shoe experience is focused on the overall ride on smoother terrain, performance declines when there are more turns or more challenging terrain with rocks and roots.”
Do You Really Need a Gravel Shoe?
Photograph: Kieran Alger
Like everything in running shoe world, that depends. There are trail shoes out there with the chops to conquer everything from technical to more runnable terrain, like the Hoka Speedgoat 6 ($125). Some of the pricier trail shoes like the North Face Vectiv Pro 3 ($250) pair modified versions of their springy road-shoe foams with carbon plates to deliver bouncier rides that don’t feel out of place on the road. I’ve tested loads of these shoes, and some top-tier trail shoes run better on the road than cheaper road shoes.
However, if you regularly tackle firmer, less technical mixed terrain on your runs, generally in drier conditions—and rarely venture onto more technical trails—there’s a good case for investing in a gravel shoe. It’ll carry you happily from road to trail and back again, and even cover your road runs on the way to the trail.
Likewise, if you’re a newcomer to trail running, a gravel shoe could be a good halfway house as you transition from the asphalt to the single track, thanks to a ride which retains some road-shoe familiarity. They’re also an excellent suitcase shoe—if you’re traveling and you can only fit one shoe in your luggage, the versatility of a gravel shoe makes it a great choice.
Here’s a test for infants: Show them a glass of water on a desk. Hide it behind a wooden board. Now move the board toward the glass. If the board keeps going past the glass, as if it weren’t there, are they surprised? Many 6-month-olds are, and by a year, almost all children have an intuitive notion of an object’s permanence, learned through observation. Now some artificial intelligence models do too.
Researchers have developed an AI system that learns about the world via videos and demonstrates a notion of “surprise” when presented with information that goes against the knowledge it has gleaned.
The model, created by Meta and called Video Joint Embedding Predictive Architecture (V-JEPA), does not make any assumptions about the physics of the world contained in the videos. Nonetheless, it can begin to make sense of how the world works.
“Their claims are, a priori, very plausible, and the results are super interesting,” says Micha Heilbron, a cognitive scientist at the University of Amsterdam who studies how brains and artificial systems make sense of the world.
Higher Abstractions
As the engineers who build self-driving cars know, it can be hard to get an AI system to reliably make sense of what it sees. Most systems designed to “understand” videos in order to either classify their content (“a person playing tennis,” for example) or identify the contours of an object—say, a car up ahead—work in what’s called “pixel space.” The model essentially treats every pixel in a video as equal in importance.
But these pixel-space models come with limitations. Imagine trying to make sense of a suburban street. If the scene has cars, traffic lights and trees, the model might focus too much on irrelevant details such as the motion of the leaves. It might miss the color of the traffic light, or the positions of nearby cars. “When you go to images or video, you don’t want to work in [pixel] space because there are too many details you don’t want to model,” said Randall Balestriero, a computer scientist at Brown University.
Yann LeCun, a computer scientist at New York University and the director of AI research at Meta, created JEPA, a predecessor to V-JEPA that works on still images, in 2022.