Security is an Illusion

I hear about the insecurity of the Windows OS on a daily basis. I have always said to those who view this as a weakness compared to other operating systems that it is merely a function of market share. As more people use a specific operating system, browser, or e-mail client more holes and vulnerablities will be discovered. A large share of the market garners a large exposure to exploitation.

It is beginning to happen to non-Microsoft products as they become more prevalent. Firefox, Mozilla, Apple, and Linux are enjoying larger distribution and with it more attention as viable targets. It plays back into the old computer addage; The only safe computer is an uplugged one locked in a closet. Security is an illusion.

Top five trends in cyber security

According to a report out today, the top trends in Internet security are:

1. Mac's OS/X operating system is no longer the "bulletproof alternative" to Windows.

2. There has been a "substantial decline" in vulnerabilities in Windows Services.

3. Internet Explorer continues to be vulnerable to attacks.

4. Firefox and Mozilla browsers also are vulnerable.

5. There has been a surge in profit-motivated attacks.

Source: SANS Institute

Overwhelmed by Response

It never ceases to amaze me how often I hear about people losing customers due to poor response. It seems that this is often caused by taking on more work than the business can handle. I have recently picked up two new customers due to this specific cause.

I can understand wanting to take on more business and thinking that it will be O.K. to get just one more client. The issue becomes a balancing act and it's a hard one to pull off, especially in the services industry. I have come up with a little rule of thumb that I have been implementing.

It goes like this; Book no more than 50% on the schedule for a Company Officer that is billing, and no more than 65% for a Billing Employee.

Why?

Because you can't schedule failures.

Everything in the computer biz breaks and it usually doesn't do so in a predictable fashion. There needs to be someone available at all times to take care of issues as they arise. If I'm on-site 50 hours a week, I can't take care of a system crash immediately. Therefore I only book 50% of my time. This has allowed me to flex existing appointments to take care of emergencies and has also ensured that I have enough time to handle a good piece of the books during regular business hours.

My employee has been able to take care of problems when I've been too far away to provide a good response time and we have managed to keep things rolling with very little for the complaint department to deal with (hey, no one is perfect!). We have managed to keep response times below 4 hours in all cases, and in most cases are able to get to a site within 2 hours or provide immediate remote support via the Internet direct to the users desktop.

Another major key is to know when to say enough. We aren't to that point yet, but it is in the foreseeable future. The schedule is slowing reaching my rule of thumb. When it does, it'll be time to ramp up another tech!

Pete

Good Grease Monkey

I've never been a huge fan of the "quickie oil change". In fact I have avoided the places for years due to some background in the auto industry and a complete lack of fear of car dirt. The horror stories about loose oil drain plugs and incorrect fluids give those of us that are "car guys" nightmares.

Until now.

I recently did some work by referral for a Grease Monkey owned and operated by Jeff Dill. While I was there I observed an incredibly efficient operation that almost seemed like a military operation. Not only were there two techs per car working, but they would call out to a third tech as they completed each phase of the job who was keeping notes on their progress.

It went something like this, Tech 1, "Oil draining.", Tech 2 "Rear diff emptied." Tech 3 "Check, Check", Tech 1 "Oil Drain plug tight.", Tech 3 "Check", Tech 2, "Rear diff tight" and so on until the job was done. Posts on the wall in the shop outlined phone protocol to the letter and customer care procedures. All of them were hand written, not corporate B.S. on glossy paper. It was an impressive demonstration of employee training and teamwork. I was so impressed I put my car in the queue (it was due for a drain and fill anyway). I'll even go back for another visit when I don't feel like getting grease under my fingernails.

If you need a "Change" I highly recommend these guys.

Grease Monkey
10880 W. Alameda Ave.
Lakewood, CO 80226
303-986-0110

Pete

Casa de Golf

I just got back into town from a job in Costa Rica. I know, how do I put up with it?
This job came up because my old boss bought a building down there on a golf course. He hired a local manager and staff and wants to rent the suites out for golf vacations. He didn't get a good feeling from the local technical people and decided he wanted me to take care of the phone system and computers. Referrals are the king!

I unfortunately didn't see much of the country due to the fact that I worked 25 out of the 48 hours I was on site, but I can tell you that the Coffee Seared Tuna at Dragonfly in Tamarindo is absolutely delicious. The nights are clear and swimming at 11 at night is totally comfortable. The country is rugged, hot, and rustic, but Casa de Golf is welcoming and civilized without feeling "touristy".

Prices seem to be on par with other Central American countries for food and activities. Casa de Golf is out of my personal price range, but if you can afford it I highly recommend it. There are many alternatives in the region for the budget restricted.

I just hope he decides to expand so I can go there again!

The web site is www.casadegolf.com .

Pete

Simplicity

I can't stress enough, the need for simplicity. Every day I run into systems and processes that are overly complex and under thought. This is a challenge to overcome for clients and businesses alike.

Anytime you consider a new system, technique, or process, think about the ramifications of that implementation. Additional software doesn't necessarily fix anything nor does it always make a job simpler or faster. The same can be said for meetings and business processes. Root causes of slowdowns in production and efficiency in the workplace are often the result of the people employed there and the systems/processes that they are forced to use.

For example; during an engagement at Enron (a whole other story!) I encountered an environment that was laden with overly complex processes. Our purpose was to stage and implement a data center relocation to a new facility in accordance with the Bankruptcy settlement.

The equipment consisted of about 500 computer systems, both Solaris and Windows based, 200 of which were to be decommissioned in the process. During previous relocations for other companies my co-worker and I (with a few other techs) had moved 300+ systems in a single weekend shift, so the job didn't seem to be too daunting. We met with the Enron project managers and encountered immediate resistance to every suggestion. It deteriorated into a five month meeting-fest.

Daily meetings during the first week were to plan the processes for the next week's daily meetings and so on. The flowcharts were prodigious and complex and we were told by the local systems engineers that it was physically impossible to move more than 30 systems in a night. They used three project managers and an admin assistant for each weekly stage. A PM was on the data center floor, one in the NOC, and one as a go between. The admin assistant's job was to check off completed servers on a wall chart with a marker. It took about 12 hours each Friday to move no more than 15 systems at a time. The project started in October and ended in March.

Given a one month prep and two weekends the same job could have been accomplished by the 5 person team I normally worked with and a few local Enron admins. In the end they paid nearly $250,000 in labor to the company I worked for at the time, and an amount I can't even estimate for room, board, and airlines. Why? Because of unnecessary meetings, processes, flowcharts and the word impossible. I still wonder why they hired us in the first place.

On the subject of systems; one of my newer clients had run into complexity issues with their servers and workstations. Their previous technical resource was a believer in software's ability to "fix" things. If there was any issue with a system he installed some software to fix the problem. Spyware scanners, registry cleaners, system tweakers, and so on. Soon the systems were struggling to run the software that was trying to save them.

I won't dispute that some of these things are handy tools and I use them when they are called for, but they do not fix the problem. They treat a symptom caused by the employees of the company that are surfing where they probably shouldn't be. Most of the "bugs" that I encounter are installed by the users inadvertently. They see a box pop up that asks a seemingly innocuous question and they click YES. They subscribe to e-mail newsletters of dubious origin in the quest for free stuff and dates. These are understandable behaviors that need to be modified.

The simple answer is user empowerment. Install non-resident software on the systems that will clean up the mess but not run in the background eating up valuable resources. Show them how to use it and tell them to run it once a week (they usually won't though). Check the systems on the next visit and run them yourself. Patiently explain to them how this software infects the system and show them the difference in performance on their newly cleaned machine and a dirty one. Explain the nature of "free internet stuff"; the comparison that I like to use is "Don't take candy from strangers". It's silly and gets a laugh, but it's a lesson that we all learned in our youth that applies.

The servers were overwhelmed with various contact managers installed for different users. Databases were scattered among the disks along with externally accessible web pages. Many of the programs were no longer used and there was no logic to the storage of data. Back ups for their 70GB of data was taking two tapes and drives, and ran into business hours every morning. The network was a mess.

To simplify it we reconfigured the drives in the servers and moved all the data into a single shared folder on one system. Permissions on the files were set up to define user access. Databases were transferred to a dedicated server and Exchange to another. Backups were reconfigured by archiving unchanging data and an incremental system was devised with full backups on weekends. A list of approved software was created and the management forced users to abandon software that was no longer supported.

We approached this job like all the others; schedule recurring site visits, show up, check the systems, ask the employees questions, use minimum resources to get the job done. Simple.

In my experience complexity is not an answer.

Pete

Scheduling

I know this may seem a little elementary to some people, but one should never underestimate the benefits of scheduling. Running a services based organization doesn't lend itself well to a defined schedule; nonetheless, having certain days and time slots reserved for specific clients and tasks is extremely helpful.

Reserve a weekly time slot for client follow-ups and try to keep to that schedule. Your clients will begin to expect hearing from your company and may even begin to line out work lists based on your calls. A pre-scheduled visit later in the week will be much smoother and more organized if you have an outline of the areas that need attention. Use Outlook or your favorite calendaring system to keep track of these recurring appointments. Reserve an appropriate slot of time for tax and payroll as well. These tasks have a nasty habit of eating up weekends and nights if they are neglected.

Always treat time slots that are scheduled for internal work with the same priority as external appointments. Treat your own business as if it is another client. Find ways to remind yourself of the importance of maintaining your relationship with the business. It is just as important as your relationship with your customers.

Starting a Business Blog

About six months ago I ran across the blog of a new entrepreneur ( http://wannabeentrepreneur.blogspot.com ). Kirk's journey towards self-employment reminded a lot of mine and I thought he had a great idea when he suggested that others with entrepreneurial spirit start their own blogs. The goal would be to help each other out with ideas and experiences. Visit his Blog, he has some good insights into the initial startup of a "sales oriented business".

My aim for this Blog is twofold.
First; to provide some helpful insights for my own clients and visitors.
Second; to share some of my own experiences with others out there looking to escape the yoke of employment for the freedom of Traversing Independence.