Archive
Taking Time to Give Thanks
With Halloween in the rear view mirror and Christmas right around the corner, it is easy for Thanksgiving to get lost in the shuffle. Bordered by two holidays where much of our society is focused on gifts of candy and presents, Thanksgiving is sort of an “odd man out” and like many of the other holidays, much of its meaning is oftentimes overlooked.
While not the official start of the Thanksgiving holiday that we celebrate today, it was George Washington who in 1789 declared Thursday, Nov. 26, a day of “thanksgiving.” This was a one time occurrence and its intent was to devote a day to “public thanksgiving and prayer” in gratitude to “the service of that great and glorious Being who is the beneficent Author of all the good that was, that is, or that will be.”
Washington’s Thanksgiving Proclamation
(Read the full proclamation here)
It wasn’t until 1863 that Abraham Lincoln set aside the fourth Thursday in November as our official Thanksgiving holiday, but it is the day that George Washington set aside that gives this holiday special meaning to me. The meaning of the word “thanks” is associated with an “expression of gratitude”; and to give thanks is to express that gratitude to others.
(Read the full proclamation here)
In both cases, George Washington and Abraham Lincoln were expressing gratitude to the Almighty God for the wonderful gifts He had bestowed on a fledgling nation. While we can join in these expressions, each of us has something unique to be grateful for. Maybe it’s your health, or your family or friends. Maybe its your finances or the fact that you have achieved long sought after goals in your life, or simply that you have a roof over your head – each of us has something to be thankful for on this Thanksgiving Day.
So, on one of the most important holidays of the year, one that focuses on giving thanks for the blessings that we have received in the past year, let’s stop and take the time to thank the God Almighty, respective spouses, family members, friends, or whomever deserves that expression of gratitude.
After all, isn’t giving thanks what Thanksgiving is all about?
Living a Passionate Life
You may (or may not) have noticed that I have been visibly absent from posting over the past few months. The long and the short of it is that quite a few things have happened in my life which have led me to focus on, well…, my life.
The biggest impact was the loss of my mother to lung cancer back in October. For those of you privileged to know her, she was quite the lady and she kept her wit and humor intact to the very end. For the most part, her passing was relatively quick and heaven truly gained an angel that day. She was a profound influence in my life and I will miss her deeply. I kept this event pretty much to myself, but for those of you who were aware and comforted me during this troubling time, thank you. My mom always kept things to herself (including her health issues); maybe I am more like her than I originally thought.
Not long after her passing I had to travel out of the country for business. My journey took me to the island of New Caledonia – a French territory northeast of Australia. That was roughly a 22 hour trip and during that time, I was able to think about my life, where I currently was, and where I wanted to be.
What I realized during that time is that in many areas of my life I was simply going through the motions. I was reminded of the following quote from Steve Jobs,
“The only way to do great work is to love what you do. If you haven’t found it yet, keep looking. Don’t settle. As with all matters of the heart, you’ll know when you find it.”
Our time on earth is too short to live without passion but that is exactly what I was doing – and exactly what I promised myself I would never do. I came to the realization that I was settling in way too many areas of my life and it was time for a change.
pas·sion
noun \ˈpa-shən\
: a strong feeling of enthusiasm or excitement for something or about doing something
They say that you should never make big decisions right after a life changing event, but I have never been one to listen to advice when my heart tells me otherwise. As such, I resigned from my job at Continuum Labs to return to the pursuit of my dreams. Continuum is a great company and I truly believe in their products and services; I just didn’t feel like my contributions were enough to warrant my being there. And those that I was making were not aligned with my passions; it was time for me to reboot my career. I will always be their biggest fan and can only hope that in some small way my tenure has made a positive impact. I will no longer work with my close Continuum friends on a daily basis, but something tells me that we will work together again some day; I look forward to that day. (BTW, if you haven’t had a chance to check out their latest app, CareSync, I HIGHLY recommend it. You will never look at your healthcare the same way again.)
So what am I doing now? My LinkedIn profile says that I am an independent consultant with a company called ForgeRock. What that essentially means is that I am refocusing my career on those areas that make me want to jump out of bed each morning: privacy, identity, trust, and making the Internet a safer place to be. I am continuing to work on the security projects that helped make me Platinum with both Marriott and Delta this year, but I am using my downtime to work on my own security-focused applications and services. While they might not be as sexy as CareSync, I believe there is a definite need for what I am envisioning; but only time will tell. In the meantime, stay tuned.
An unexpected benefit behind all of this is that I am now working at home and am spending more time with my wife and kids. We talk more. I drink morning coffee with my wife, and I am actually there when my kids have a problem. I now see things around the house that need my attention (and what my family has been putting up with as I travel to work each day). Rather than making excuses that I am too tired, I now have the time to fix those things that need fixing. I have the time to make a healthy lunch (or gorge on the box of Oreos if I so desire). I also have time to reboot my exercise life and have the flexibility to take walks with my family as well. Simply put, I have time.
So does this now mean that I will spend this time on blogging, tweeting, and participation in online activities? Maybe. But as with any precious asset, time must be invested properly and spent wisely. With the passing of my mother, I have been reminded that one of the wisest investments you can make is in spending time with others and investing in friendships is never a bad investment.
So who knows where I will devote my time the only thing guaranteed is that it will involve others.
Again, stay tuned.
The Real Role of a Leader
A humorous look at the role of a leader in any organization. If you have ever been a leader, I’m sure you can relate to this quote from an anonymous author.
As nearly everyone knows, a leader has practically nothing to do except to decide what is to be done; tell somebody to do it; listen to reasons why it should not be done or why it should be done in a different way; follow up to see if the thing has been done; discover that it has not; inquire why; listen to excuses from the person who should have done it; follow up again to see if the thing has been done, only to discover that it has been done incorrectly; point out how it should have been done; conclude that as long as it has been done, it may as well be left where it is; wonder if it is not time to get rid of a person who cannot do a thing right; reflect that the person probably has a spouse and a large family, and any successor would be just as bad and maybe worse; consider how much simpler and better matters would be now if he had done it himself in the first place; reflect sadly that he could have done it right in twenty minutes, and, as things turned out, he has had to spend two days to find out why it has taken three weeks for somebody else to do it wrong.
Overcoming Personal Battles
Did you know that Lord Nelson, England’s famous naval hero, suffered from seasickness his entire life.
It’s true.
In a letter recently found in the Camden family archives, Nelson expresses sympathy for the 2nd Earl of Camden‘s 16-year-old nephew by admitting to his own personal weakness.
“I am ill every time it blows hard and nothing but my enthusiastic love for the profession keeps me one hour at sea.”
(See YouTube video: Lord Nelson Seasickness Letter in Tunbridge Wells.)
How could the man who destroyed Napoleon’s fleet lead men into battle when he himself was fighting a battle within himself? He did so by not only learning to live with his weakness – he learned to conquer it. And in so doing, he went on to become England’s greatest Naval hero.
Most of us have situations in our own lives that challenge us on a day to day basis. These may be physical or they may be psychological, but rest assured, everyone who has ever tried to accomplish anything in life has had to overcome their own personal seasickness.
Oftentimes it is a private war; carried on quietly within our own lives. But unlike heroes like Nelson, no one will celebrate our victories, no one will recognize our successes, and no one will pin a medal to our chest for winning. But even without the fanfare from others, nothing can dim the quiet satisfaction of knowing in our own hearts that we did not give up!
Cherish the People
I recently spent some time going through old business cards. Netscape, Sun Microsystems, Trusted Information Systems… Companies that were once giants in their industries – now gone. Their technologies no longer discussed except in circles of old folks (like me) reminiscing years gone by. The act of discarding these cards felt somehow like I was closing the final chapter of their very existence.
In a world where LinkedIn has become the electronic business card used by most people, I still felt compelled to hang on to these artifacts. Not for the contact information (that was long out of date), but for the memories that each card had left behind. Each person that I did business with or simply met at a conference has influenced me in some way. Whether it was a simple nugget of information provided by an acquaintance or an introductory meeting with someone that I have built a relationship with throughout the years, those cards represent people that have made me who I am today. For some odd reason I felt like I was throwing away a piece of them and wondered how LinkedIn could possibly replace the paper I held in my hand. Even so, it was time to move on and I continued with my quest.
Before committing each card to the trash, I took a moment to reflect back on those relationships. Some of the names were no longer familiar to me. Notes quickly scribbled on the backs of cards no longer made sense. I was reminded of people I had forgotten and wondered where they were today (I had better look them up on LinkedIn). But as I tossed the last card into the trash, one thing became abundantly clear. Companies and technologies come and go, but people stay a part of you forever.
Discard the cards, but hang on to (and cherish) the people.
Don’t Just Complain, Do Something About It!
A hopelessly lost salesman came upon a farm house where the owner was rocking away on his porch. Late and desperate to get back on the road he stopped to ask for directions.
“Take the dirt road in the direction that the sun sets; keep going until you go past the old post office. Make a left after you drive past the broken down tractor that them Taylor boys left a sittin’ there,” explained the farmer. “Keep a goin’ a bit more until you pass the old sawmill, …” he continued but was interrupted by his old hound dog who let out a rather painful groan.
“Aroooogh,” moaned the dog.
The farmer continued, “…once you get past old McGreevy’s farm, make another left, and …”
“Arooooooogh”… once again, the dog lets out a painful moan.
“Excuse me,” asked the salesman, “but is there something wrong with your dog?”
The farmer looked down at the dog, paused a second, and then replied, “Naw, he’s just lying thar on a nail”. “Wait a minute,” asked the puzzled salesperson, “if he is lying on a nail, why doesn’t he just get up?” Without missing a beat, the farmer said matter of factly, “Don’t hurt enough to get up, just to complain about it…”
Moral: How many times have you criticized someone for how they are doing something? How many problems have you solved with your friends over beers at the local pub? How often do you feel like you have a better idea? Well, stop complaining about it and do something about it!
Remember: “It is better to light a candle than to curse the darkness.”
Is Your Intellectual Property Slipping Out the Door with Their Pink Slip?
(I wrote the following article for BABM Business Magazine back in May/June of 2009. The article is reprinted here with their permission.)
With the latest layoff news continuing to add chaos to the economy, CEOs need to protect their businesses in case of staff cuts, restructuring or consolidation of offices. While your company may not be planning layoffs now, there is no guarantee that in three or six months from now this will be the case. There are steps your business should take, both proactively and reactively, to ensure that your most valuable information such as customer data and contracts isn’t walking out the door with terminated employees.
Ideally, even before layoffs occur, businesses need to be prepared to protect their assets. Employees may sense a layoff is imminent and start grabbing what data they can before they get the official word. This could lead to a loss of your company’s most valuable contacts that former employees may use to compete against you. Proactive monitoring of systems, before layoffs begin, can ensure that your company’s data is protected.
There are a variety of technologies you can implement to monitor your employees’ access of specific applications. For example, you can monitor who has access to what type of database and determine if an employee is running unusual reports. Are certain employees extracting every field, downloading the data to a local disk and/or sending it to themselves over email?
Having a solid process for role provisioning and access management will help limit access of certain information to those people who need it to do their jobs. If levels of access to various applications and corporate information are assigned for each job description, it is easier to set up monitoring systems for each employee as well as protocols for changing passwords and other termination procedures to remove access when an employee is let go.
A good rule of thumb is to trust, but verify. Monitoring can be performed at many levels and includes database access, disc usage, and whether or not USB drives are being plugged into company computers. Monitoring can even determine if proprietary data is being sent to an email account. When it comes to access management and monitoring, CEOs and executive management need to weigh how much protection they want with how much they protection they can afford. It’s a formula that will vary for every company.
Once a company is in an action stage and layoffs are about to begin, it’s almost too late to protect and secure its data without shutting off access altogether (which may not be feasible in all cases). As a fallback plan, many companies provide their security team with a list of users they plan to let go. On the morning the layoffs are to take place, the team is tasked with acting on the list and locking out those employees from their accounts. But there’s often the lingering feeling that something was missed. Are they prevented from accessing your systems remotely? Are they still receiving their email on their home PCs? Does the employee have access to vendor accounts? Can your security team effectively map the employee to all the accounts they have accumulated over the years?
There are many types of technologies that can be used from a proactive perspective and subsequently verified from a reactive perspective. CEOs should be proactive and have an effective user provisioning solution in place. This ensures that they have accounted for all the systems and the types of system access where a user has an account. Once layoffs have occurred companies should continue monitoring mission critical systems to ensure that the access has been terminated appropriately. A security event monitoring solution on the back end can monitor log files or traffic patterns to these systems and immediately notify of any unusual activity.
Companies that have implemented centralized account management systems have peace of mind that they can quickly prevent access by employees who are no longer associated with the company. They can be certain that they have locked all accounts being managed by the system and actions such as terminations can be performed by management (ahead of time) rather than needing to involve people from the security team.
Companies that have not implemented a centralized account management system are increasing their workload and effectively putting valuable corporate assets at risk. At this point, there has to be due diligence as you have to perform these tasks manually. The potential for damage is great, however, and fallout will rise exponentially as more layoffs occur. If you have implemented a centralized user provisioning system, congratulations! If not, don’t panic, there are still tasks you can perform to help protect your assets.
- Prepare your list well in advance and give your security team a chance to locate the various user accounts.
- Work with functional managers, supervisors, or project managers to further determine the user’s access.
- Monitor system logs and network traffic to determine if any unusual access or traffic patterns appear. Respond immediately.
Even with this type of preparation, the tasks can be quite time consuming and it could take weeks to properly locate and delete access. Hence, our advice is that it’s better to take more proactive steps to avoid headaches and possible customer data and other business asset loss later on. Getting a handle on your role provisioning and user access procedures and having a plan for monitoring employee application use are good places to start.
Staff reduction is never easy and you should make the separation as painless as possible. It is unfortunate that some employees view corporate assets as their own and feel entitled to take information with them when they leave. As a business owner responsible to shareholders or even to the remaining workforce, you need to take every action possible to ensure the protection of this data.
Advice to CIOs for High Exposure Projects
I read an article in CIO Magazine about the plight of today’s CIOs when multi-million dollar multi-year projects go awry. The article entitled “The CIO Scapegoat” indicates that it is unfair to hold the IT department completely responsible when there are so many other business units that contribute to a project’s demise. In many cases, the CIO takes the fall for the failure and, as a direct result, they are either demoted, moved into a different organization or let go altogether.
The article goes on to provide advice to CIOs who are beginning such undertakings. First and foremost, large, complex projects should be broken up into “bite-sized” chunks and proper expectations of what will be delivered in each “mini-project” should be set – and agreed upon – with the various stakeholders.
I could not agree more with this statement and find it most concerning that this is not more of a common practice within the IT industry. In our World of rapid prototyping (turned production) and just-in-time development, to think that you could perform a multi-year project without implementing several checkpoints along the way is simply insane. This may be one of the reasons why the average life-span of a CIO is only two years within the same company.
CIOs who agree to perform projects under such conditions really need to read my previous blog entitled “Lessons Learned from Enterprise Identity Management Projects“. While it was written mainly for enterprise identity projects it has direct applicability to any enterprise project. In that article I directly address specific points about expectation setting and bite-sized chunks (did CIO Magazine read my blog on this?) and by taking my advice to heart, the average CIO might be able to extend their stay.
Lessons Learned from Enterprise Identity Management Projects
I have been implementing and/or managing identity-related projects for over 10 years now and I can say, from experience, that the biggest problem with any Identity Management project can be summed up in one word: EXPECTATIONS.
It does not matter whether you are tackling an identity project for compliance, security or cost-reduction reasons. You need to have proper expectations of what can be realistically accomplished within a reasonable timeframe and those expectations need to be shared among all team members and stakeholders.
Projects that fail to achieve a customer’s expectations do so because those expectations were either not validated or were not shared between all parties involved. When expectations are set (typically in a statement of work), communicated (periodic reports), and then reset if necessary (change orders), then the customer is much happier with the project results.
Here are a few lessons I have learned over the years. While they have general applicability to major projects, in general, they are especially true of identity-related projects.
1) Projects MUST be implemented in bite-sized chunks.
Identity projects are enterprise-wide projects; you should create an project roadmap that consists of multiple “mini” projects that can demonstrate an immediate ROI. The joke is, “How do you eat an elephant? One bite at a time.” To achieve success with identity projects, you should implement them one bite at a time and have demonstrable/measurable success after each bite.
2) The devil is in the data.
Using development/test data that is not representative of production data will kill you in the end and cause undue rework when going into production. Use data that is as close to production as possible.
3) Start with an analysis phase BEFORE scoping the entire project.
I HIGHLY recommend that the first project you undertake is an analysis. That will define the scope for which you can then get a better idea of how to divvy up the project into multiple bite-size chunks and then determine how much — and how long — each chunk will take. This allows you to effectively budget both time and money for the project(s).
Note: If a vendor gives you a price for an identity implementation without this, then run the other way. They are trying to simply get their foot in the door without first understanding your environment. If they say that the analysis phase is part of the project pricing, then get ready for an extensive barrage of change orders to the project.
4) Get everyone involved.
Keep in mind that these are enterprise-wide projects that affect multiple business units within your company. The project team should contain representatives from each organization that is being “touched” by the solution. This includes HR, IT, Help Desk, Training and above all, upper-level management (C-level).
(The following items apply if you are using external resources for project implementation.)
5) Find someone who has “been there and done that”.
Ask for references and follow up on them. More and more companies say that they can implement identity-related projects just because they have taken the latest course from the vendor. This is not enough. If training alone could give you the skills to implement the product, then you would have done the project yourself. You need to find someone who knows where the pitfalls are before you hit them.
6) Let the experts lead.
Don’t try to manage an Identity Management project unless you have done so before – and more than once. I have been involved with customers who have great project managers that have no experience with identity projects, yet they want to take ownership of the project and manage the resources. This is a recipe for disaster. Let the people who have done the implementation lead the project and allow your project manager to gain the knowledge for future phases.
7) Help build the car, don’t just take the keys.
Training takes place before, after and during the project. Don’t expect to simply take “the keys” from the vendor once the project has been completed. You need to have resources actively involved throughout the project in order to take ownership. Otherwise you not be able to support the product — or make changes to it — without assistance from the vendor. Ensure that you have your own team members actively engaged in the project – side by side with the external team. To do this, you have to ensure that they are not distracted by other work-related tasks.
 |  |  |  |  |
Easy Identity 