Tuesday, March 30, 2010

Quote of the Week

From now on I am going to do a quote of the week.

Here is my first:

Concentrate your energies, your thoughts and your capital. The wise man puts all his eggs in one basket and watches the basket --Andrew Carnegie

Wednesday, March 10, 2010

Quote of the Day.

"One of the very nicest things about life is the way we must regularly stop whatever it is we are doing and devote our attention to eating." ~Luciano Pavarotti

Tuesday, March 9, 2010

Losing Andrew Carnegie (reposted)

This article was posted on Seth Godin's blog. Since it is short and sweet, I figured I'd repost it here and comment.

Andrew Carnegie apparently said, "Take away my people, but leave my factories and soon grass will grow on the factory floors... Take away my factories, but leave my people and soon we will have a new and better factory."

Is there a typical large corporation working today that still believes this? Most organizations now have it backwards. The factory, the infrastructure, the systems, the patents, the process, the manual... that's king. In fact, shareholders demand it.

It turns out that success is coming from the atypical organizations, the ones that can get back to embracing irreplaceable people, the linchpins, the ones that make a difference. Anything else can be replicated cheaper by someone else.

I often (wish to be able to) describe myself as the Dale Carnegie, Zig Ziglar, and Stephen Covey of the IT world. There are so many powerful people who have written books that have shaped many an executive. What I want to do is take these works and apply them to IT. A perfect example is how we have tried to fix the IT world with SOPs and processes such as ISO 9000, Six Sigma, CMMI, etc. We (in IT) try to make up for lack of skill and resources by embracing processes. Processes are good; however, they do not make the employee. We must focus on hiring the right person for the right job. We must lose the paradigm that states all people can be trained to perform any task. We need to focus on who and what IT is. After all, I can't expect to become a heart surgeon from reading SOPs and OJT. I need to go to medical school first!

If you are tired of the fire fight... get proactive. Don't just say it, do it!

Thursday, March 4, 2010

Undercover: A Painful Lack of Security

Here is another good article. The gist of the article is that a Security Executive is having a hard time finding a job. He interviewed with a CIO and had a good feeling. Eventually an executive with an engineering background was hired. I know that security is overlooked and put on the back burner when budget cuts hit home. However, I agree that an executive with an engineering background was hired as the CSO. I.T. is in the Engineering and Operations business PERIOD!!!! Security is to support that business by following the CIA triad.

Let's examine the CIA triad. First we have Confidentiality: preventing the disclosure of information to unauthorized individuals or systems. Next up is Integrity: in information security, integrity means that data cannot be modified without authorization. Lastly and most importantly, Availability: for any information system to serve its purpose, the information must be available when it is needed.

In my experience, many security professionals forget about availability. Hence the need to hire someone with an engineering background. Engineers think outside the box; they find mitigation strategies versus releasing untested patches and shutting down critical systems. If security were a CI duo, I could hire people to sit in a SOC (security operations center) for about 30k a year and I would not need a CSO. However, given the importance of security, there needs to be a security officer that is a partner in the business of I.T. --not sand in the gears!

Wednesday, March 3, 2010

How IT is set up to Fail

I was reading an article titled "Why IT is designed to Fail". Click here to read the article. Below is my response.

Very good article. I feel the biggest challenge to a CIO is staffing their departments correctly. The CIO paradox will continue until the CIO realizes he/she is in the IT business and the IT business is Engineering and Operations. Project Management, Life Cycle, and Security are inputs to the final output, i.e. Engineering and Operations. Until this happens most IT organizations will be staffed inappropriately and [productive] work flow will slow –the end result is a loss of productivity and credibility. The basic premise is to understand the difference between an Engineer and an Operator. The next step is to hire qualified IT Project Managers. In my opinion the IT organization should be heavy with engineers, sprinkle in a few IT Project Managers, Security Analysts and lastly (and most importantly) a dedicated group of Operators.

Lastly, your article points out that most CIOs refer to their projects as being Business Projects versus IT projects. This is a bad course to take because it takes ownership of the (business) project from the CIO and thrusts it onto the business unit. The project fails and the CIO gets the blame for that failure. Bottom line, the CIO is in the Engineering and Operations business –if that is not cool enough, get an MBA and move on!

Tuesday, March 2, 2010

Microsoft speaks FISMA, TIC, FIPS 140-2, and ITAR --MS in the Cloud?

I was perusing Federalnewsradio.com today and came across the article. Microsoft is looking at the cloud for public sector organizations. Teresa Carlson, head of Microsoft Federal, explained that the company has been in the cloud for a very long time, but with this offering they have not just met -- but exceeded -- the federal requirements. Really? I didn’t know there were federal requirements for the cloud, but alas there are standards (FISMA, TIC, FIPS 140-2, and ITAR).

Carlson explained that Microsoft’s cloud offering would allow an agency to put its data in a Microsoft data center under the compliance standards she's outlined. "So, there's really a Trusted Internet Connection or TIC back into their system --managed with all the compliance and security enhancements. . . . They [the agency] would consolidate servers. They would not need as much personnel to manage all that data. Their [hardware] upgrades would be instant. They don't have a bunch of infrastructure that they have to manage, so their costs are going to be reduced."

She did stress, however, that while Microsoft is proud of its cloud offerings, agencies have to look at whether or not cloud is right for them.

Amen to that, I say. Microsoft has been on the cloud sideline for a while as compared to Google, Amazon, and Apple among others. I think we need to change the paradigm even further: reduce the personal computer to a cloud device such as the Netbook, Chrome, or iPad or their successors. You want to cut costs and reduce personnel? Say bye to the PC. Furthermore, in order to adhere to Records Management, Paper Reduction, and other congressional Acts, remove or limit the need to print! I don’t mean virtual desktops; I mean think outside of the box and retool your software and service delivery strategies. Xerox did this at PARC almost 40 years ago and then they walked away from it. Question: Are we going to walk away from a possible paradigm shift?

Click here for MS article.

Monday, March 1, 2010

Quote of the Day

Baseball great Rogers Hornsby summed it up: "People ask me what I do in winter when there's no baseball. I'll tell you what I do. I stare out the window and wait for spring."

Quote of the Day --(borrowed from another blog I read)

This is a quote from Tim Cook at Apple, I found on a Blog I read from time to time:

“This [Apple] is the most focused company I know of, am aware of, or have any knowledge of... We say no to good ideas every day.” Cook then pointed out to analysts that every single product the company makes would fit on the single conference table in front of him. “And we had revenue last year of $40 billion.”