Friday, December 15, 2017

Social Awkwardness

Tongue tied during that last presentation? 

Communication Skills. You have them, chances are that they could use a tune up. 

A lot of IT professionals have trouble communicating, especially, in a public setting. When IT professional get nervous in a public setting, they default to what we know best and sometimes we come off as a know it all. 

Frances Cole Jones, in the Ted Talk video below has some great tips and techniques that might just be the "E" Ticket ride you're looking for.

Frances Cole Jones, TED talk

Thursday, December 14, 2017

Interpersonal Relationships

Human interactions, communication, it's really our strongest tool.  

It's either a well honed tool we use every day or a dusty piece of shelf art. 

 Too often Information Security and Compliance Professionals are perceived as being from the Department of "...NO!..".  Time to make a course correction...time to work on your communication skills. 

Caroline Webb, a frequent contributor to the Harvard Business Review,  World Economic Forum, Fast Company, Quartz, Business Insider, Huffington Post and WIRED has come great insights to share on what works and what doesn't with hard science to back it up. 

Take a look at her video presentations and research here, nothing ventured, nothing gained...

Caroline Webb

Failure is NOT an option!....or is it? best to manage the possibility, failures plague the IT / Business must have an IT Program Management Office to manage the four types of IT work:

(1.)  Business Sponsored Project Work
(2.) IT Sponsored Project Work
(3.) Keep the Lights On [KLO] Work
(4.) Unplanned Work [the killer]

Depending on who you ask, anywhere between 40 and 70% of IT projects end in missed requirements (failure).  

How best to manage the IT / Business interface to ensure project success, as measured by the business?  Smart leaders let the IT PMO manage their IT investments.

Gene Kim of Tripwire fame started the dialog with his ground breaking book, "The Phoenix Project", the next phase of evolution should be a much wider adoption of the Program Management Office to actively manage the IT / Business interface and forever return IT to being a servant of the Business...

Gene Kim's excellent book, the "Phoenix Project"

Attention to Detail

Attention to Detail.  It's the mark of a true Professional.  

Anything you train to do, as a professional is worth doing precisely and efficiently. 

Cloud Information Security as noted here, is an opportunity to excel or diminish your brand, in a truly spectacular fashion.

Pentagon "shares" Top Secret NSA data via "CLOUD"


Skepticism. A little skepticism just might be a good thing.

It amazes me that we’re not more skeptical when it comes to Internet of Things (IOT) devices and SCADA security. Not in a Fear, Uncertainty and Doubt (FUD) kind of way, just a little old fashioned healthy skepticism please.

Bruce Schneier brings to light many of the “…unintended consequences…” we will eventually face as we roll out more and more IOT connected devices and don’t ask enough skeptical questions.

A Computer as big as the world!

Don't allow your business to become over dependent on your technology...

Be Prepared. Worthless platitude or words to live by?

When I was in the Military, we used to have a saying “…six ways in, twelve ways out…”. While at the Doctors office today, all I heard was “…the internet is down, we can’t help you, go home!...”. Satisfied customers?

Arthur C. Clarke once wrote a short story, “Superiority”, penned in 1951, it should be required reading for every business leader about being too enamored by technology.

Does your team have twelve ways out?

"Superiority" by Arthur C. Clarke

Friday, October 13, 2017

Microsoft should take a lesson from US Admiral McRaven

For the love of all that is holy, publish timely, accurate, helpful documentation on your products and services!

I attended a "Security Seminar" at Microsoft's office yesterday, oddly, it was interesting. Lot's of sales pressure to be sure, interesting speakers (oddly), some interesting content (even more interesting), lunch was out-freaking-standing, but...the Evil Empire (my old Alma Mater, Microsoft) is suffering more and more each week with "...can't see the forest from the trees..." syndrome. In their rush to make everything "Azure Cloud Enabled" they are violating the 6"P's" of the Information Technology World, namely, their documentation sucks like a black hole!

Competent product documentation is expected for a company like yours, if you can't get the little things right, how can we trust you with the big stuff?

Learn to make your bed every morning dog gone it!

They could really take a lesson from US Navy Admiral McRaven's 2014 University of Texas commencement speech, made famous on Youtube, you are Microsoft for crying out loud, we expect you to do great things, but for the love of all that is Holy, do the little things right, but NO! Their product documentation really, really sucks, and the really sad part is that in the seminar yesterday, when I asked about this, they freely admitted it. They asked me to upload my documentation for them to plagiarize!

For the last few months, we've been working with Microsoft's new Data Loss Prevention [DLP] suite (a mix of some E3 and E5 level products) and they have very compelling capabilities, a rich Chinese Menu approach to DLP, somewhat difficult to explain to Engineering and Software Development Managers (we've got over twenty-five of them), but we've developed some cheat sheets, take the sting out of the Organizational Change Management [OCM] aspects of the adoption. The OCM aspects are by far the most difficult part of the implementation to date.

The big hurdles have been:

(1.) Finding relevant documentation.

If we could have found relevant documentation on the concepts, basic building blocks, product names (which seem to change almost daily), capabilities, etc...things would have gone so much more smoothly. I mean...really? The power of "scoped policies" in the Azure Information Protection blade, a total white wash in your documentation, a veritable King Kong powerhouse in reality.

(2.) "How To" articles that make no sense whatsoever.

You are not wanting for articles entitled, "blah, blah, blah deployment Roadmap...", if only it WAS a roadmap! Ninety-nine times out of one hundred it was just some engineers mental masturbation about how cool his dream is and how stupid you are for not sharing the dream and understanding his user experience to support his dream. An endless parade of embedded hyperlinks in the online documentation that takes you farther and farther down the rabbit hole and provides little to no value to the "roadmap" you are looking for in the first dang place!

I mean, now really, even Perry Clarke would have trouble figuring out how to enable AIP based outbound mail rules in this fine kettle of fish.

(3.) Blog articles that promise to be timely and relevant.

The best was the Information Security Blog article that talked about their fabulous new Tech Writer and his/her valiant efforts to bring things up to date and make them relevant. Nice idea, but, five months after the article, none of this has materialized. We used to joke that "...Microsoft has the worlds worst software and the worlds greatest marketing!...". It is no less true in 2017 that Microsoft still has the worlds best marketing (lord knows I got a refresher bombardment of marketing yesterday) and now they have the worlds worst product documentation.

Proud Moments to be certain.


Guys, take a breather like you did with your " computing..." initiative and bring in a small army of Tech Writers, and make your Product Marketing Managers and Engineers work with them to provide we, your customers [you know, those annoying people that pay you?], with documentation worthy of the name "Microsoft", not shiny, not flashy, not "gameificationed" just helpful.

But you wont...

So, Microsoft guys and gals, if your still reading, go read this book, we, your frustrated and very technical customers will be glad you did:

Admiral McRaven's book on Amazon