#CyberBookClub


Once upon a time there was a company that made magic wands, but when they were hacked all the magic in the world couldn’t prevent their data from being stolen. If that company had a chance for a clean start, what would they have done differently? The unlikely hero isn’t a security guy. She’s a business elf who makes it her mission to change the way her company does business from the top down.

I gave every member of my team this book at Christmas time partly to see who will read it and talk with me about what George has to say; partly to spark a conversation about what my team does and where we can be better at helping the business be a partner.

Let’s not Demonise Complexity

When I first saw this image I smiled a little and thought wow they are trying to say complexity is BAD.

To many organisations complexity is bad mostly because they want to have a lower skilled workforce… Well it seems that way at least.

I was talking with someone the other day who was lamenting that “FIM was ridiculously hard, kind of like SCCM”.

I don’t want to rant about IT Generalists expecting to be able to just pick up the DVD and go with many Microsoft Technologies, but I will say I’m coming up on my third attempt at passing the FIM 2010 Technology Specialist Exam, and it is NOT an easy product, BUT I didn’t expect it would be …

I want to spend some time talking about complex products that make the Business of IT and the Business of Business easier, or “Complexity can be your friend”.

So I’m keen to relearn my FIM 2010 mojo by building a solution but also because I’m an Infrastructure guy not an application developer, I’m keen to build it code free except for some PowerShell.

#BCC2011 How to Handle Difficult Clients

One of the best sessions I went to at Bar Camp Canberra 2011 was “How to Handle Difficult Clients” by Danni (@daniib) and Jason (@jhando).

I found them both to be engaging speakers, although it was mostly a conversation, which gave me some insight into what it might be like to be a client ish.

BTW I thought the session was great and some other folk spoke to me about it later and Lurved it too

Andy Clarke’s Killer Contract

Andy Clarke 24 Ways

Merlin Project Method (probably more about agile these days 22nd Dec 2019)

The only reason for time is…..

“The only reason for time is so that everything doesn’t happen at once.” Albert Einstein

This quote was used in a TV show I was watching this morning. Because I wanted to know the exact quote, I Binged it and found it on Quote DB. Those who know me will understand that I often have difficulty remaining on task, so I looked wider and found:

“Any fool can make things bigger, more complex, and more violent. It takes a touch of genius — and a lot of courage — to move in the opposite direction.”

Of course everyone can tell I needed to rewind the programme because I spectacularly moved off task.

So what freakishly ridiculous long bow am I trying to pull?

I’ve just come back from AUTechED, trying to resist the marketing after glow….

I am increasingly a fan of Role Based Administration and Workflow Enabled Provisioning.

With a major client we currently use tools like:

  • SCCM 2007 R2 (ConfigMGR) to Deploy Servers and Desktops, Deploy Applications, Printers and Secure Shares;
  • FIM 2010 for Directory Synchronisation and some stuff we perhaps should not be.

Maybe we should be looking at Service Manager, SSP 2.0 for SCVMM (which of course implies SCVMM) and what looks like a very good option for stringing it all together, Opalis.

So where is the genius in this post?

We do some things, in my view, the hard way, perhaps because we didn’t know what we didn’t know, and I am so tempted to implement everything in the System Center Enterprise Suite and leverage the whole ecosystem, BUT today I’m leaning toward a big long roadmap for this client.

BUT …

Once we get a chance to train and define an offering, I think a whole business unit can be built around building complexity in what we offer to drive simplicity for our clients.

In other words I love the Microsoft Ecosystems and see promise in System Center and Forefront for completely abstracting the use of native tools into fully automated, workflow driven, user self service. The glue in this seems to be solid scripting in PowerShell; well, we need something complex to make things seem easy.

Agencies SHOULD

I am rethinking how I would deal with elements of designs where a security control says agencies should…

I have been notionally sharing in the “agencies should = do what you want” view because that seems to be how some folk read the guidance.

But of course this is garbage, so today is the day where “agencies should” actually means our risk assessment says… at least when looking at my projects.

I’m thinking a few times it will really be “Computer says NO” or actually Agencies MUST.

Just thinking out loud

*** Update ***

To drive some context

“[–,IC-P,r] non-agency owned devices
6.8.9. Agencies should not allow devices not directly owned and controlled by the agency to be used with their systems.”

Generally speaking there are many people who see the use of home computers for remote access as the only real method of large scale remote access, allowing for remote workforce in times of emergency or pandemic (Highlights for a 2020 readership). I would be concerned that this would quickly lead to “Bring your own computer” policies becoming more of a norm.

I would need serious convincing that BYO Computer is sensible but remote access on the other hand I can see being a necessity in the short term.

So what would a risk assessment look like?

Cloud could make you look bad

OK I saw this headline and thought here we go…

IT warned: Cloud could make you look bad

Aussie government CIOs will soon face increasing pressure to explain why in-house ICT services take so long and are so expensive to deploy compared to cloud-based services, Ovum has said.

In a research note, director Steve Hodgkinson warned the cloud “will come to be viewed as the fastest, cheapest and easiest way to source basic commodity ICT services”….

I do agree Private cloud is the way for the Commonwealth to drive efficiency but it will require some very interesting collaboration and some leadership. Of course there will be issues with connectivity among security domains (I assume there is not a recommendation for a cloud service per classification) and management of that access, perhaps it will require security clearances for MANY more Public Servants and Professional Service Providers or build the many networks with air gaps between.

My point is IT deployment in Government takes time because of Architecture, Design, Build Engineering, Testing, Deployment and Maintenance. Solutions are Integrated, Data Protection is in place, there are SLAs, Security and Access Management is in place and there is a responsibility to the Users and Executive (Departmental and Government).

So what are my examples of cloud making CIOs look bad…

  • How about 72 Hours without email? and having the Vendor say “there are no SLAs (service level agreements) offered on managed exchange, POP e-mail or webmail services.”
  • A cloud services vendor making data available to other customers, the week before running workshops for Government IT Managers asking for their business?

I have other reservations and these are logistical and usability issues

  • What about Identity Management? We use many applications in our business and I’d like to manage all of our Identity requirements. I know if you use a username and Password pair users make them all the same which is not optimal.
  • What about customisation? This moves away from the cloud providers selling space / time on a cookie cutter basis and would drive up cost.
  • and of course a cloud service we use has broken features and has not been updated in several months but our cloud dream is tainted by users asking when we will have some of the issues fully resolved. Yes this is a beta and we see promise so we persist BUT not really the promise of the cloud delivering no admin worries, rapid development / deployment and worry free user experience. One of the features is the out of cloud backup so no we don’t run EVERYTHING on this service.

So for me I think Government CIOs may look bad in Delivery and Cost but better than the OOOOPs sorry but no SLA that makes the majority of cloud offerings cheap and agile.

Can we measure with the same stick????

Give me a cloud service providing 3500 Users with Email, Document sharing, filtered Internet, reliable and timely printing plus a Finance and CRM System. And compare an on premise solution.

People need to take scale into account and service level too.

So rolling my eyes I think here we go, Cloud Services Providers are the ASPs of this decade; this is NOT a panacea and far from the brave new world those with a cloud service to sell would have you believe.

IT warned: Cloud could make you look bad – Internet – iTnews Australia

Channel Life – Reseller Profile in CRN this Month

Well after talking with Sholto about the media, I took a punt and spoke to him in the context of a reseller profile for CRN Australia. Well those of you who know me well understand I can talk under water and being perpetually 15 years old this can be quite the concern. We covered many topics and spoke for about 40 minutes and exchanged a couple of emails.

I must say that I am really happy with the article but there are a very small number of things that are not quite right and we know how I am about things being just so but really they are small and folk probably won’t even read in the detail I do, so all good.

I do think that me reading the article before it was published would have made it perfect, and really I would not have changed a thing except the bits that were not quite right. That said I understand why the passage in my previous post is what it is, but in the case of this article it is a very Davidesque piece and I’ve been told that the article reads like a conversation with me. Very spooky.

Can I request to see an article before it is printed?

You can ask, but a journo won’t show. If every interviewee was able to see the article beforehand, inevitably they would want to make changes, and then the difference between journalism and public relations disappears. The media’s promise to its audience is to give an independent assessment of the topic or person in question. However, in some cases you can ask to see your quotes, which are the parts of the interview the journalist intends to use. These can only be checked for accuracy; it is not an opportunity to censor your own comments.

Mis-stepping with the media (Hopefully) Never Again

I’ve said some dumb things in my life and sometimes even to the media, so with some trepidation about saying things I might regret, I was chatting with Sholto Macpherson Editor of CRN Magazine at ExpoTech in Canberra. A day or so later I asked him for some advice about the media, I posed some questions and he graciously agreed to let me blog it. Here is the whole transcript of the media relations topic…

Good to talk with you on Wednesday, this can either be an idea for you to write or also happy to do it through my blog, but I think folk don’t really know how to deal with the media, at least I don’t. So how do we get the basics out there?

My questions would be…

· How do I control what gets printed?

The short answer is, you can’t. It’s the difference between PR, whom you pay to put out a message that you have control over, and the media, which reports the facts as accurately as it can. At least that’s the theory. People talk to the media for a variety of reasons, but the reason why companies spend so much effort on launches, events, etc with the media is because audiences take more notice of what a journalist says than they do a paid-for ad. There are many other reasons which I’ll go into in an article.

· Can I control what is and what is not on the record?

If the interviewee asks the journalist to keep his/her comments off the record, and the journalist agrees, then the journalist should honour that promise. Of course, like in any business, there are unscrupulous journalists, but generally you can feel certain that if you want to make a private comment it’s not going to appear as a headline in the next issue.

· Should I consider everything will be printed?

That’s a very good assumption and a useful guide to thinking about what to say, even though it will almost never occur. It’s like how the internet is one big magazine – only put online what you are happy for your mother to read.

· Can I request to see an article before it is printed?

You can ask, but a journo won’t show. If every interviewee was able to see the article beforehand, inevitably they would want to make changes, and then the difference between journalism and public relations disappears. The media’s promise to its audience is to give an independent assessment of the topic or person in question. However, in some cases you can ask to see your quotes, which are the parts of the interview the journalist intends to use. These can only be checked for accuracy; it is not an opportunity to censor your own comments.

· What tips would you give to deal with the media?

Well that is all we discussed so far as this was really a quick brain dump and of course I’d like to see an article about media in depth. Other questions I asked included…

Additionally publicity avenues

· How do we get press releases picked up?

· What is of interest to you and not just self promoting drivel?

· What style format etc is a good thing? Or don’t you care because you will edit the copy?

and of course I look forward to reading those answers in CRN in the fullness of time, it has made me think more about leveraging one of my Clients who just happens to be a Small PR Firm, so maybe I have a little bartering to do with Anita soon.

One last thing: in a follow up email Sholto asked me what my answers might be since “– as a blog writer, you are in the media too!”

Well I don’t really think of myself like that, I’m really just a Techo with a big mouth, big opinions, and a tendency to use a reference to the Tism song “5 Yards” directed at myself when I behave badly.

Here are the basic rules for me: all answers to my original questions…

  • I post to the blog you print it ;-D OK really I’ll often ask if I say “fred nerk said”. If you don’t like a post let me know I’ll replace it with *** David had a 5 Yards Moment *** (not happened yet)
  • Everything is NDA unless I got it elsewhere first. Again If you don’t like a post let me know I’ll replace it with *** David had a 5 Yards Moment ***
  • Even if I’m wearing a shirt / button that says “I’m Blogging this” probably not I tend to remember the things that stick in my mind, and chances are you will have said crap can we keep this between us by then. BTW it is more likely that I’m in a “nobody reads my blog” TEE-Shirt if truth be known, my only loyal reader is the Google search spider.
  • Nope but since you set your RSS reader to update Mackie.is-a-geek.net every 5 Minutes you could be the one and only hit. If you don’t like a post let me know I’ll replace it with *** David had a 5 Yards Moment ***
  • Again not the media just a guy with a blog that VERY FEW people read.

You’re only one small speck in space
You’re only one life, soon erased
Be there none left on Earth but you
One thing will still remain true:

Now just as back then Nobody reads this but I try to learn these lessons to keep them front of mind…