Tuesday, January 25, 2011

mental block...and a nice bedroom design ;)

Hello world... (he... since my years playing with Basic that I wanted to start like that...)

Now seriously, I'm bit blocked here, it seems that anything you think about these days is related to sharing, improving, saving or just plain cutting... I like the idea of improving, so let's start there...

What's the definition of improving?... well google the all knowing super entity says: "Make or become better"; so let's start from there... much to munch in it already...


So let's go for the other topics...Sharing, saving and cutting....


What if we just improve everything? Imaging a room, if you want to improve a room what would you do? to start I would make it comfortable, and nice, then functional and then ... well, then probably enjoy it... so, what would be improving the room for me? exactly what I said... (stay with me...). 


To make if more comfortable, what would I do? 

  1. get a nice comfy bed,
  2. probably a nice looking desk,
  3. oh! yes, will make sure the heater/cooler work in the room so we have a nice temperature
  4. a chair, you always need a chair to dump stuff when you are tired..
  5. 2 bedside table, yes, that looks nice...
So, then we go to make it nicer:
  1. paint the room
  2. get a nice window (or change it, repair it, etc...lol! be careful with the guy's speech)
  3. and probably put some carpets to make it a beauty...
And finally we make it functional... really? well, no, we actually try to make it functional at all times.. and this is where improving is really the key part...

So, we were making the room comfortable... let's do it in a functional manner...

  1. get a nice comfy bed, -> look for something related to the room size, that helps your back, and will help you sleep, that is functional... and you will only need to buy a bed once, and will last for a long time. Check that the bed is following overall international standards, and guidelines, so next time if you need to change the mattress, it really does fit...
  2. probably a nice looking desk, -> aha! great topic... depending on the size and style you choose why not go for a matching desk... so next time, you might like a desk that hides all your paperwork and your work life when you are trying to sleep...
  3. oh! yes, will make sure the heater/cooler work in the room so we have a nice temperature - And here it comes how to make it functional, yes, functional means green, cost effective, etc... so you will look into insulating the loft and the walls, checking the central heating, verifying that you have a good duvet that works for your personal thermostat, etc etc. make it right the first time, and you most probably won't have to spend too much money later... and hence, not cut so much...
  4. a chair, you always need a chair to dump stuff when you are tired.. and here comes the nice analogy... usually many companies dump their old legacy, or their operational rubbish on the closest "chair", so you end up with a huge pile of stuff that is not needed but nobody wants to bin... So, get yourself a nice basket for the laundry and a big bag for the charity shop... if you don't like it any more, send it to the charity shop bag, if is dirty to the laundry basket... and if it is clean and you like it... store it nicely :) That what you should do in your bedroom, and in your company!! 
    1. Charity = deletion or archiving depending on the data or system you are working on.
    2. Laundry basket = enhancement needed, but it is a needed device/dataset
    3. Store it = that's it...keep it, is working fine!
  5. 2 bedside table, yes, that looks nice...- and they do... but what you need to find here, is those little additions that will make the big different... 
So, brain dump finish, I think that give an idea of what it was up here in my head... so unplug and have fun!


Thursday, January 13, 2011

Who was it?

Hi Guys,
This week has been pretty good so far, I've spoke with very interesting people and learnt a few good things.
Today in the morning, I got an article from the BCS about public sector and security. At first, it look pretty average, and just explaining the usual topics that relate to security when any company is downsizing (really old word I know..) in search of efficiencies and cost reduction, as much as the UK government is doing now.

So, what did I find so interesting? Well, we have been reducing, looking for efficiencies, cutting costs and spending again around the globe for...well, forever!! So, what we have learnt that we could re-use? Who was the security guy that looked after the warehouses in the big crisis around 1920 that provided a secure place for the goods even though he lost half of his security guards? How did he manage? Or the question should be, did he actually manage to do it?

So, as we (yes, me and half of the world population) says, google it! Check if you can find something... so I did... and I did, and I checked again... and then I realised that my weak and silly brain was not going to get the right search phrase to get me the results...Therefore, as one of my ex-colleagues and good friend used to say, "if you cannot find it all, just guesstimate!"

Let's pretend that there was a group of security personnel on the banks in the US in 1920, and that they got rid of 60% of their staff due to the crisis... so at that time, most of the activities were manual processing and physical security, so what would they have done? Here is my list:


  1. change the locks on the safes
  2. change the locks on the doors
  3. get pictures of all the people that left and identify them every time they came near the bank.
  4. rotate the remaining security personnel (john at the door works near the cashier now, and the guy inside the safe works out at the main door, etc.)
  5. get a risk assessment for each of the profile of person leaving
  6. advise all the bank service people or staff that provides services to the public of the risk assessment.
  7. try to automate any security changes to minimise people knowing the safe combinations, etc. (for example, without a machine, you could get 2 people having half of the combination, so if any of them try to provide it, the other needs to give the other half, etc.)
And I'm sure there are loads more, but this will come handy for my comparison.... so then, there have been several other crisis around the globe, but have we learn anything? I think so... at least in concept.

Nowadays we do have a better set of tools, and a much more open environment to discuss this topics (wanting or not, if you don't open, they will open it for you)... so let's talk about security and technology... and a wee little caveat before to start: " This is not the magic solution, just a brain dump" ... so be kind but do comment... ;)

  1. Change the passwords to all critical servers (the safe this time is virtual, so take care of it!!)
  2. Change the passwords of all outside facing servers and devices (yes, if anyone is trying to get in, they shouldn't have the key already!)
  3. Identify who has left, and you might be able to get a little program monitoring for anyone trying to use those accounts (even though you already cancelled them, destroy them, etc.)
  4. Get the firewalls a wee refresh, so kick those beautiful firewalls and get them with new keys, new algorithms, etc... it is free and very easy to do. Do you have the alternative to refresh the monitoring systems? Well, check that you are monitoring what you need to, and add a little check for all the users gone.
  5. Assess your risk, here is the tricky part nobody can have a full body scan and brain scan to check what they were thinking when leaving, but create a table and define levels of risk... For example, if the guys managing firewalls leaves the company upset and annoyed with everyone, that might be a higher risk than the CEO of the bank leaving after getting a sweet bonus
  6. Get a little check for these guys computers, and advise the ranks that you are adding tighter security methods. Even if they are just a batch file checking on logs for the webservers and so on... If you can and have the money, invest in a good centralise monitoring system, with nice reporting features, etc. that will help you loads.
  7. Automate, automate, automate!!! A long time ago, a security expert asked me:
Sec expert: Do you know what causes most of the data breaches? 
Me: curiosity?
Sec Expert: Nope, feelings! , people get upset with the company and get against them. second one is curiosity.
Sec Expert: And do you know how many feelings do computers have?
Me: none!!

Exactly!! none, automate, the system will not feel betrayed if you do something wrong, and with a good IdM system and a clear role definition you need to annoyed loads of people before the system gets any of that... so automate!! That is the best way, computers don't turn against you, humans do.

So, have we learnt anything? Conceptually yes, but I think that we are humans (luckily, life will be too boring with only computers around me), and that means that many times we "forget" to apply the simple rules and we end up in a big mess... or we just get stuck thinking on operational, everyday activities and never look into the more important topics that will save us time later... or well, you get the picture...

OK, brain dump time gone, back to work...

Friday, January 07, 2011

Agile but not stupid...

OK, the world is a better place because debate happens and exchange of opinions ... so, live and learn, or at least refine your opinions and knowledge... will be silly not to.

Anyhow, from my previous post "Before you call anyone know what needs to be done!!" I got a few comments back on email, the one I really got into was from a very good friend and ex work colleague (well, he was actually my boss, but don't remind him of that); he was following up on the research comment... 


And guess what? He was right again, research is great, but as he said "With a solid first phase of research, you got to get actioning to refine what you finally gonna get.. what you cannot do is to take a decision and be completely stuck on that till the end (without understanding the changes the new developments might bring" (my own wee little change in there)... this trigger another thread of discussion... and a very much word in the industry now... Everyone wants to be agile, Agile project management, Agile development, Agile life, Agile companies... etc etc... 


This is great don't get me wrong, action is what the world need, but hey! let's try not to be agile and stupid!... As my dearest ex-boss said, with a solid first phase of research, you got to get moving... and I agree, we need to be agile, fast, or you will end up deploying something that nobody needs any more.


So, I start thinking where to draw the line...  when should we stop research and start moving... uhhhmmm... and kept wondering... and thinking (ok, not such a clever guy after all)... and never ever got to an answer... and I think I know why, and will all depend on what you care about... Which are you ultimate goals, either they are financial stability of the company (or yourself), achieve a specific target (build a house or get petrol for you car), but that got to be the driver.


So, for example, if I need to get a new piece of software for accounting, I need to understand what am I gonna get from it in 1 year, 3 years, 5 and probably have a crazy idea of what it could become if I need to grow my company to a world class organization... So, what do I start? Well, let's see what big apps use in most cases, and what most big companies are using... will my accounting software become the ERP of the company later?, etc... you get the thought process. So, if we decide that the accounting system will grow to become the ERP, what gives me most of the options? probably keeping it on open standards, so more apps can be used to access it, and it is easier to move between vendors if need be, etc.... and even if we don't grow, keeping it open will help it use more cost effective strategies (cheaper options for the friend from the hood)... 


So there you go, another idea that escape my brain through my fingertips... Thanks to Heberto for the debate/discussion... always learning from him.


One last comment... the discussion is still ongoing, and as everything in life it goes on teaching me a bit every email... but as Seth's blog said this morning, there are risks and benefits to everything, and those should come as part of the overall selection of goals (short/mid/long term) and tools we will decide ...

Wednesday, January 05, 2011

Before you call anyone know what needs to be done!!

OK, yes, I'm back, Twitter is great, but doesn't leave enough space for me to play...

So, new year resolution, let's try to write up a bit about life and technology, and perhaps from time to time, a couple of good (or so I think) jokes...

"Before you call anyone, know what needs to be done!"
2 weeks ago, whilst rushing to get the xmas lights out and make the house look pretty again for the festive season (yes, I was a bit late with the snow and all) I found an old yellow pages... With the big sign written on the front page, "Before you call anyone, know what needs to be done!"... I thought it was genius... With so many tools at our fingertips, why not research before you pay...
Hence, I start thinking that this can translate to many areas of life... Imagine, you want to get a new car... hey! why not just go to the dealership closer to home and buy one... or just call them up and ask them to send one over... NO!!! not a chance, that is too much money, so let's research first, get the car we need for our needs... do we need a 4x4? perhaps with the snow, it might have been useful to have one... do we need a frontwheel car? surely... so keep researching and getting to the right one...

Same thinking applies to everything, but many times it looks like because we become a corporate citizen we forget about it... So, if you do it at home... you should do it in the office...

Imagine you want to buy stationary, when you buy for home, you think twice, you check which pen/pencils look nicer and which paper will give you the best quality for your photos, etc. without spending a fortune... so why not do the same for work?
Now let's talk a bit about cloud services (they seem to be what everyone wants to talk about today); so you decided that the first guy who came up on the web will be your cloud services provider... really?
Have you consider everything? Even more important.... do you know what needs to be done?!?

Start thinking what is your "Cloud" for?
- Will you use it for running the Office productivity suite?
- Have you consider that you might want to use several formats? pdf/odf/doc/etc? Do you need all the formats you are using?
- Do you want to use it for HPC? If so, what are you going to do with it? Is your code ready for it? Can you use something like Azure?
- do you need a Storage Cloud? Just getting rid of archiving, backing up and so on will be so nice... wouldn't it? But, can you move your data anywhere? Are you geo-bound?

So as you can see, much research to get done... but the best approach as most of the times is to follow Jack, and just rip it apart to get it right... so start by deciding which is the main goal... then decide what levels of openness/closeness you need to run the company (look into all the legal docs, or involved you legal department, perhaps someone who has a clue about IT will help), decide how green you are or wanna be, then look into alternatives and learn their benefits and limitations...

Is it an Public cloud good for you?

  • Do you hold confidential data? 
  • Do you provide services for medical institutions or financials? Can they afford to not have 100% control over their data?
  • can you hash your data? 
  • Which levels of performance you need?
Is it a Private Cloud for you?
  • Do you have expertise to run the cloud?
  • Can you provide the levels of security you need? If so, do you have everything you need?
  • how green do you wanna be? (yes, I know it repeats)
Is it an hybrid cloud for you?
Well, to be honest, I'm bias... From my point of view, most companies need a hybrid approach to cloud services, design their own Cloud architecture based on their own business needs, and then build/buy/collect each of the building blocks for it.

So, once you did your research and you "know what needs to be done!" then who are you going to call? Well, Ghostbusters are really busy these days, so look to your research and check for a company that can add value to your design. For example, have a broad approach creating very rough building blocks, then from there try to get a couple of companies to work the next levels for you. Decide your ERP architecture and get two good, known companies to design the implementation and sign off on it... That will give you peace of mind, and many of the big companies provide the service for Freee!! (oh! well...)

So come on, even if your company is a big one or a small one, you need to know what you are talking about.... and nothing better than getting to read and research... 

Some pointers:
Oracle Clarifies Cloud: http://goo.gl/f9nTa
And Wikipedia on Cloud computing: http://en.wikipedia.org/wiki/Cloud_computing

But none of the links above replaced our friendly pair of Googles

Cheers, and let's see if I keep my new year resolution... beside losing those 7 Kg.... 

Pablo.-